
Re: Standard for Stenography?



On Fri, 4 Mar 1994, Mike McNally wrote:

> Maybe not, but if you've been paying attention you know of a great deal
> of theory that supports the intractability of solving certain problems
> in realistic amounts of time.  Most PK cryptosystems are based on
> relatively simple principles of mathematics.  It stretches the
> imagination to think that the NSA somehow has solved the factoring
> problem; I concede it's possible, but unlikely.

Granted.

> 
>  > The point is, that in the real world, we'll never know if our algorithms 
>  > are "good enough to withstand an opponent who has full documentation of 
>  > your algorithms and methods lots of funds, and everything except your keys."
> 
> Depends on what you mean by "know", I guess.

know = 100% objective certainty

> 
>  > > security-by-obscurity is a naive waste of time,
>  > 
>  > I still don't see why.
> 
> Well, you can't tell when you've been compromised, 

How can you tell that you've been compromised if you stick to 
non-security-by-obscurity methods?

> and you have no
> rigorous way of demonstrating the robustness of your obscurity.

That would be difficult.  But, lack of objective measures does not mean 
that security-through-obscurity is ineffective.  BTW, there may be some 
statistics on the effectiveness of StO, somewhere.  (Anyone out there 
heard of any?)

> The real problem, however, is that you'll have a hard time convincing
> anybody else to participate.

I am not trying to convince everyone to hide their data in the same place I 
am hiding it.  Simply consider hiding it, rather than leaving it out in 
the open!  That's not too crazy a proposition, is it?


> You can hide all your valuables in a really clever place and do all
> sorts of really clever secret things to protect them, and that may
> make you feel secure.  However, you won't be able to convince me to
> entrust *my* valuables to you unless you explain to me the details of
> your techniques.

Take your encrypted data.  Stick it in a file, using a variable offset.
That's all there is to it.



Sergey
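
The variable-offset idea in the message above, seen from the side of someone examining the file. This is an added example, not part of the original message: a sliding-window entropy scan that locates a high-entropy blob inside a carrier without knowing the offset. The carrier text, the SHA-256 stand-in for encrypted data, and all function names are constructed assumptions; the scan relies on the carrier being low-entropy (plain text), and an already compressed carrier would not stand out this way.

```python
import hashlib
import math
from collections import Counter

def window_entropy(buf: bytes) -> float:
    """Shannon entropy of buf in bits per byte (0.0 to 8.0)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def find_high_entropy_runs(data: bytes, window=512, step=64, threshold=7.0):
    """Return merged (start, end) ranges whose sliding-window entropy >= threshold."""
    runs = []
    for pos in range(0, len(data) - window + 1, step):
        if window_entropy(data[pos:pos + window]) < threshold:
            continue
        if runs and pos <= runs[-1][1]:
            runs[-1] = (runs[-1][0], pos + window)  # overlaps previous hit: extend it
        else:
            runs.append((pos, pos + window))
    return runs

def fake_ciphertext(length: int, seed: bytes = b"constructed sample") -> bytes:
    """Constructed stand-in for encrypted data: SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def build_sample(offset: int, length: int) -> bytes:
    """Constructed carrier: plain ASCII text with the blob inserted at `offset`."""
    carrier = b"The quick brown fox jumps over the lazy dog. " * 300
    return carrier[:offset] + fake_ciphertext(length) + carrier[offset:]

if __name__ == "__main__":
    # The scanner is never told the offset; it reports where the blob sits.
    for offset in (777, 5000):
        sample = build_sample(offset, 2048)
        print(offset, find_high_entropy_runs(sample))
```

The reported range is accurate to within one window on either side of the blob, because windows that straddle the boundary still contain mostly high-entropy bytes.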