Re: Simpler solutions (was Re: Stealth PGP work)

[Bill Stewart <stewarts@ix.netcom.com>]

At 12:45 AM 2/28/96 +0000, "Deranged Mutant" <WlkngOwl@UNiX.asb.com> wrote:
>Adam Back <aba@dcs.ex.ac.uk> wrote:
>
>[lots of stuff about stealth PGP snipped]
>
>This seems to be quite a lot of effort that complicates things. It 
>would be simpler for two stealth communicators to use other means of 
>hiding the fact that a message is PGP'd... (1) stego, in various 
>forms, if done properly would make most attackers not suspect a PGP 
>message is inside something, 

One point of stealth-pgp is to make an encrypted message you _can_
safely hide with stego.  Since the Bad Guys can take your stegofied picture,
destego it, and see the string ------ BEGIN PGP CONTRABAND DATA,
you can't get away with saying "no, that's just a picture of my cat,
blurred a bit because he was moving", which you can if you use a true
stealth version of PGP or other crypto program.

Another major point is to make PGP messages that you can post in public,
which the recipient can decode, but which _don't_ say
"From 007 To 86 and 99" in the headers.  That's easier, but still a bit of work.

>(2) use another encryption program, with 
>a known key shared by two users, that turns the PGP message into pure 
>unmarked 'randomness', 
>[.... (3) a pad-based variant ...]

You're down to key exchange; the big reason for public-key systems is to
avoid it.


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281