[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: standard for stegonography?

To: Matthew Gream <[email protected]>
Subject: Re: standard for stegonography?
From: Sergey Goldgaber <[email protected]>
Date: Mon, 28 Feb 1994 18:32:28 -0500 (EST)
Cc: [email protected], [email protected], [email protected]
In-Reply-To: <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

On Tue, 1 Mar 1994, Matthew Gream wrote:

> Earlier, Sergey Goldgaber wrote:
> 
> > Didn't you mention something along the lines of hiding "---BEGIN PGP" headers
> > by using one-time pad encryption?  Or did I wildly misinterpret you?
> 
> No. I said that, and I was referring to the case where you have a particular
> stegonographic technique such as pixel modulation, it could be an idea to
> place an encrypted header using something like IDEA in CFB that not only
> encrypts a signature but an identifier so as to know which program actually
             ^^^^^^^^^
You were originally referring to PGP in particular, were you not?

> did the stego, and hence be able to demodulate with that particular 
> technique. Therefore if you had seperate programs, each could interoperate.
> 

Yes, I understand that your proposal is compatible with a variety of other 
schemes.  However, as you note below, this provides very limited security, 
unless the key is _non_standardized.

> Even though the essense of stego is to not know a message is hidden in a
> particular medium, whenever specific software comes out to do certain stego
> (jpegs etc), I can see NSA spooks adding it onto their short list of s/ware
> to run across any pictures they get. Stego becomes sort of pseudo-Stego and
> loses a certain amount of gain it once had (of course, if all you do is
> Stego an encrypted file without any structure, it'll be safe).
> 

"Pseudo-Stego" can be relatively secure as long as a large number of 
different hiding schemes/standards are used by the public.  An effective 
means of ensuring this would be to use the reciever's public-key 
checksum-value as the standard offset for stego.  The large number of 
public-keys available make it rather infeasable for one's opponents to try 
them all.  This, I believe, provides pretty adequate security (assuming one 
strips any telltale headers off the hidden file beforehand).

> My 5c.
> 
> Matthew.
> -- 
> Matthew Gream. ph: (02)-821-2043. [email protected].
> PGPMail and brown paperbags accepted. - Non Servatum -
>   ''weirdo's make the world go around'' - A.Watts
>

Follow-Ups:
- Re: standard for stegonography?
  - From: Jeremy Cooper <[email protected]>

Prev by Date: Re: Dorothy Denning
Next by Date: CM:
Prev by thread: standard for stegonography?
Next by thread: Re: standard for stegonography?
Index(es):
- Date
- Thread