[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: standard for stegonography?????!!!!??




On Mon, 28 Feb 1994, Arsen Ray Arachelian wrote:

> Guys, I thought the whole point of stego was to hide the fact that
> you're hiding data in a file.  Having a "standard" for this is
> a bad idea i the sense that if you have a standard, you make it
> that much easier for the bad guys to intercept and find what
> you are trying to hide!
> 

That is correct.  The standard should be to have no standard!  :)
But, if you must have a standard, some variability would help.  I outlined
a "variable standard" in another recent message in this thread.

A fictional example of a legitimate need for standardization and a possible 
solution follows:


  Feb. 1998

  Jack and Jill are both readers of cypherpunks and long-time users of PGP.
"Stealth PGP" and "Stego+" have become very popular.  Unfortunately, 
Clipper is a legal necessity for all computer communication.  

  Jack wants to send Jill a _truely_ private message.  Using only Clipper is 
not an option; neither is "Stealth PGP", on its own; as, meerly owning 
non-Clipper encrypted files has recently been successfully used as grounds 
for search warrants, equipment confiscations, and miscellaneous court 
sanctions.

  Luckily, it has become particularly popular to use "Stealth 
PGP" in combination with "Stego+" to hide messages in PictureCD files.  
Knowledgeable users regularly scan alt.videos.binaries.misc for messages.  
Although Jack would like additional security that he would obtain from 
using a non-standard stegonagraphy program, this is his first message to 
Jill.  He can not simply send plain-text email to Jill telling her to use 
the new "SuperStego", for obvious reasons.

  Jack therefore uses the standard, relatively secure, method and 
sends the message via "Stealth PGP" & "Stego+" in TEST.CD on 
alt.videos.binaries.misc; thereby evading the ClipperCops.



Sergey