[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: signed mail + steganography = ?



-----BEGIN PGP SIGNED MESSAGE-----


writes Peter Baumbach:
>
>What if you couldn't tell when a letter was signed unless you new the  
>public key of the person signing it?  How could this be done?  Encode 
>the digital signature with steganography.  Is this possible when  
>steganography alters the very message you wish to sign?  I don't know. 
>  
>The benefit of this is signed and unsigned messages look like each other. 
>People can't be lazy anymore and just assume the signature is yours.  
>Your boss isn't likely going to notice you used pgp to sign your mail. 
>  
>Peter Baumbach
>[email protected]
> 
>  

What if you were to use a higher number of bits per character than 
ascii?  Then you could use the highest (or lowest) bit for a signature.

This may not be such a good idea for ascii mail, but if there is ever
a real "multi-media" (I _hate_ that term) mail, such as 'ol NeXTmail,
then I can see how it would be easy to squeeze in a signature.

- -nate

- -- 
+-----------------------------------------------------------------------+
| Nate Sammons   email: [email protected]
|   Colorado State University Computer Visualization Laboratory
|   Finger [email protected] for my PGP key
|   Key fingerprint =  2D CD 07 CA 7B EC A8 4A  86 7F F3 A8 1D 15 65 46
|   Title 18 USC 2511 and 18 USC 2703 Protected --> Monitoring Forbidden
+--------+ Guerrilla Cryptographer             Always remember "Brazil"