[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

more steganography talk



>The idea:  Encrypt a widely known value with the recipient's  
>public-key and use the result as an initialization vector for a  
>clever transformation/steganography algorithm.  

How many public keys are there can there be?

Assume one hundred each for 10 billion persons.  That's 2^40 keys, or
an effective key length of 40 bits.  Since there are not more than
2^16 public keys right now (a generous estimate) we can assume that
this technique is insecure for public keys.

Of course, if the public key is not actually public, but only in the
possession of the sender, that's another matter, but just try keeping
a public key under close distribution sometime.  Both PGP and PEM fail
to support protocols to restrict the distribution of 'public' keys.

Public should mean that the key is held by someone other than the
holder of the private key, not that the key is necessarily available
to everyone.

Eric