[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: really undetectable crypto

To: [email protected]
Subject: Re: really undetectable crypto
From: [email protected] (Jim Miller)
Date: Fri, 13 Sep 96 16:06:06 -0700
Reply-To: [email protected]
Sender: [email protected]


> Your assumptions are correct.  Applied Cryptography by
> Schneier discusses this method, referring to it as a
> "subliminal channel".

Why am I not surprised.  :-)


> Because of the very (VERY) slow transmission times (on
> the order of 1 bit/message), he notes it primarily as a
> secure method of exchanging keys. 

> 


I would think you could do better than 1 bit per message.  Using just  
hashes, I would think you could get at least 4-8 bits per message using a  
standard Pentium-class machine.  Maybe more, I haven't actually run any  
tests to see how long it would take to generate innocent messages that  
produces hashes with specific bits in certain positions.


> In his discussion, he also incorporated a bit in the
> signature, thus assuring the communication is
> travelling to the intended recipient unmolested.

I don't see why this is necessary.  If the hidden message is encrypted  
using a key (or key pair) known only to Alice and Bob, then Walter should  
not be able to fool Bob.  Walter could disrupt the communications in any  
number of ways, but he wouldn't be able to generate innocent messages that  
produce hashes that contain bits that combine to form a message encrypted  
using a key (or key pair) known only to Alice and Bob.


> However, to be "extremely sublime", your method could be
> incorporated with otherwise signed messages: while the
> signature appearing with your message includes an MD5
> hash, the real "stego bit" is the first bit of an RC4 hash of
> the same file, as computed by an external program on the
> receiver's end. 

> 


The above paragraph has given me an idea:  You don't need to send hashes  
or digital signatures to send hidden encrypted messages.  All Alice needs  
to send is the carefully constructed plaintext.  Bob can generate the  
hashes himself, extract the proper bits and attempt to decrypt the hidden  
message.  If the hidden message does not decrypt, then either the  
plaintext was tampered with, it was forged, or not all of the plaintext  
arrived.

That being the case, then I think we have a very simple proof that any  
communications channel, even one that allows only unsigned plaintext  
messages, can be used to send arbitrary encrypted messages (if a bit  
slowly).  So much for Clipper.

[email protected]

Prev by Date: Re: did you go to school?
Next by Date: Re: 56 kbps modems
Prev by thread: really undetectable crypto
Next by thread: Re: really undetectable crypto
Index(es):
- Date
- Thread