
Re: more steganography talk



Eric Hughes, replying to somebody, writes:
> > The idea:  Encrypt a widely known value with the recipient's  
> > public-key and use the result as an initialization vector for a  
> > clever transformation/steganography algorithm.  
> 
> How many public keys are there, or can there be?
> Assume one hundred each for 10 billion persons.  That's 2^40 keys, or
> an effective key length of 40 bits.  Since there are not more than
> 2^16 public keys right now (a generous estimate) we can assume that
> this technique is insecure for public keys.

If you're going to go to the trouble of using a public key,
including handling generation, distribution and validation of public keys,
you might as well use a "clever transformation/steganography algorithm"
that's good enough that a brute-force search of all the public keys
won't reverse it.  A good candidate for such an algorithm would be IDEA -
and if this sounds like I'm reinventing PGP, it's intentional :-)

Essentially, you're proposing wrapping PGP in PGP, or in weakened-PGP.
Better to just use Stealth-PGP to eliminate the distinctive markers
that make PGP easy to find, maybe run the code through tran for
extra scrambling if you're not running pnmstega, and then steganize.
And make sure that if you write PGP, The Next Generation, you make
it stealthy so people who don't have the right keys just see noise.

		Bill
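
Added example, not part of the original message: a toy model of the quoted scheme, showing that when the initialization vector is a known value encrypted under the recipient's public key, the only secret is which public key was used. The textbook-RSA toy keyring, the SHA-256 keystream standing in for the "clever transformation", the known value and all function names are assumptions made for illustration.

```python
import hashlib
from itertools import combinations
from math import log2

# Constructed toy keyring: RSA-style public keys (n, e) built from Mersenne primes.
# Real keys are far larger; only the *number* of keys matters for this argument.
PRIMES = [2**31 - 1, 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]
KEYRING = [(p * q, 65537) for p, q in combinations(PRIMES, 2)]
KNOWN_VALUE = int.from_bytes(b"KNOWN", "big")  # the "widely known value" (assumed)
MARKER = b"-----BEGIN PGP MESSAGE-----"         # structure an observer can test for

def derive_iv(pubkey):
    """Deterministically encrypt the known value under a public key (textbook RSA)."""
    n, e = pubkey
    c = pow(KNOWN_VALUE, e, n)
    return c.to_bytes((n.bit_length() + 7) // 8, "big")

def scramble(iv, data):
    """Stand-in transformation: XOR with a SHA-256 counter keystream seeded by the IV."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def find_recipient(blob, keyring):
    """Observer holding only public keys: try each one until the marker appears."""
    for index, pubkey in enumerate(keyring):
        if scramble(derive_iv(pubkey), blob).startswith(MARKER):
            return index
    return None

def effective_bits(number_of_keys):
    """Work factor of the search, expressed as a key length in bits."""
    return log2(number_of_keys)

if __name__ == "__main__":
    blob = scramble(derive_iv(KEYRING[7]), MARKER + b"\n(constructed body)\n")
    print("recipient key index recovered:", find_recipient(blob, KEYRING))
    print("bits for 100 keys x 10 billion people: %.1f" % effective_bits(100 * 10**10))
```

Nothing secret enters `derive_iv`, so the size of the keyring is the whole work factor; a transformation keyed with a random session key, as PGP does with IDEA, removes that shortcut.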