[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Standard for Stenography?



Sergey writes:
> I have often heard it said that one should always assume that one's 
> opponent knows everything except one's secret key.  To me, this makes no 
> sense!  If your opponent is good enough and determined enough to get by 
> all the layers of obscurity you may have put up, than its just one more 
> step to getting your secret key.

If your cryptography methods are good enough to withstand an
opponent who has full documentation of your algorithms and methods,
lots of funds, and everything except your keys, then you don't
need to waste your time with all the other stuff.  And if you can't
protect a couple of keys, it doesn't really matter how much other
security you have.

On the other hand, steganography is almost by definition an obscurity
technique, and while security-by-obscurity is a naive waste of time,
obscurity-by-obscurity is hard to argue against real clearly :-)
On the other hand, if your cyphertext looks like random bits anyway,
it doesn't take a lot to make them invisible.

The real need is to make your data look like Somebody Else's Problem....

			Bill