[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: standard for stegonography?
On Sun, 27 Feb 1994, Jef Poskanzer wrote:
> On reflection, it seems that some users will want an interoperable
> standard, and other users will want complete stealth. So what I'll
> do is add a bunch of switches to pnmstego and pnmdestego, so that
> the user can specify all sorts of different formats. Letting the
> switches default will get you a simple interoperable mode, so you
> can send stuff to people without prior arrangement or put stuff on
> an ftp server; but an attacker will be able to extract the bits and
> try to decrypt them. Specifying things like offsets and bit-usage
> schedules will mean that the attacker won't even be able to extract
> the bits; but the settings you use will be equivalent to that much
> more key material that you have to communicate or remember.
> ---
> Jef
>
What about this as a standard?:
Have the offset default to the checksum-value of the reciever's public key!
The sending program could have the user specify the reciever, look his key
up in the public-keyring and offset the message accordingly. While, the
recieving program would automatically scan the file starting at the
appropriate offset based on the same public key checksum-value.
No secure channels would be necessary for dissemating offset values.
And, one's opponents wouldn't know where to look unless they knew:
1 - That there may be a message hidden in the file.
2 - That it is hidden with this particular stego standard in mind.
3 - The reciever's public key.
Adopting this as a standard would, in my oppinion, offer a great advantage
over simply using a constant offset.
Of course, as it has been pointed out, there should always be the option
of providing a custom (non-standard) offset in the intrest of greater
security.
All feedback welcome,
Sergey
PS: This could also be implemented using any combination of the
checksum-value(s) of the sender's and/or the reciever's
public/private keys. However, this will have very different
implications from the suggested method.