[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Chaff in the Channel (Stealth PGP work)



Is anyone here on the Steganography mailing list? Last I checked it
looked pretty dead, which is a shame. Stego seems to be a really
important topic, and a difficult one at that. The good news is there's
all sorts of entropy in the data we send back and forth, the bad news
is it's hard to actually exploit it.

[email protected] (Timothy C. May) writes:
>This is my take on fixing the stego situation. Instead of worrying about a
>"stealth PGP version," which is likely to be only a slight speed bump
>(because of the statistics), think about flooding the detection channels.

The stealth PGP is, of course, a necessary element: you have to remove
the big "THIS IS AN ENCRYPTED MESSAGE FOR RESISTOR-CELL-23" before you
can slip it in somewhere.

As noble as "flood the detection channels" sounds, has it really ever
succeeded? Do people who don't care about privacy day to day ever go
through extra trouble to make other people's privacy easier? I can
think of two public efforts to increase noise that have failed:
putting Spook keywords in all Usenet posts, and using PGP email for
normal day to day traffic. The failure of the second channel-flooding
is especially notable: even people doing serious crypto hacking, with
well established public keys, don't seem to PGP encrypt normal day to
day traffic. It's just not convenient enough.

I think asking people to increase entropy in their day to day
communication is doomed to fail, it's just too much trouble. Better to
exploit the entropy we already have, and maybe encourage designers of
new systems to build in some extra entropy sources when they get the chance. 

I've got some specific ideas, but am a bit nervous about talking about
them because of intellectual property issues. Also, I'm not convinced
that unlike cryptography, some extra security can be maintained in a
steganographic system by not disclosing the way it works. I haven't
resolved these concerns, but would be happy to engage in some
metadiscussion about them.