[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: standard for stegonography?
On Tue, 1 Mar 1994, Matthew Gream wrote:
> Earlier, Sergey Goldgaber wrote:
>
> > Didn't you mention something along the lines of hiding "---BEGIN PGP" headers
> > by using one-time pad encryption? Or did I wildly misinterpret you?
>
> No. I said that, and I was referring to the case where you have a particular
> stegonographic technique such as pixel modulation, it could be an idea to
> place an encrypted header using something like IDEA in CFB that not only
> encrypts a signature but an identifier so as to know which program actually
^^^^^^^^^
You were originally referring to PGP in particular, were you not?
> did the stego, and hence be able to demodulate with that particular
> technique. Therefore if you had seperate programs, each could interoperate.
>
Yes, I understand that your proposal is compatible with a variety of other
schemes. However, as you note below, this provides very limited security,
unless the key is _non_standardized.
> Even though the essense of stego is to not know a message is hidden in a
> particular medium, whenever specific software comes out to do certain stego
> (jpegs etc), I can see NSA spooks adding it onto their short list of s/ware
> to run across any pictures they get. Stego becomes sort of pseudo-Stego and
> loses a certain amount of gain it once had (of course, if all you do is
> Stego an encrypted file without any structure, it'll be safe).
>
"Pseudo-Stego" can be relatively secure as long as a large number of
different hiding schemes/standards are used by the public. An effective
means of ensuring this would be to use the reciever's public-key
checksum-value as the standard offset for stego. The large number of
public-keys available make it rather infeasable for one's opponents to try
them all. This, I believe, provides pretty adequate security (assuming one
strips any telltale headers off the hidden file beforehand).
> My 5c.
>
> Matthew.
> --
> Matthew Gream. ph: (02)-821-2043. [email protected].
> PGPMail and brown paperbags accepted. - Non Servatum -
> ''weirdo's make the world go around'' - A.Watts
>