[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: standard for stegonography?




Sergey Sez:
> Have the offset default to the checksum-value of the reciever's public key!  
> The sending program could have the user specify the reciever, look his key
> up in the public-keyring and offset the message accordingly.  While, the 
> recieving program would automatically scan the file starting at the 
> appropriate offset based on the same public key checksum-value.

While Tim May Sez:

> Lots of options for standards. As others have noted, you just don't
> want to have to flag what standard you're using in the message itself
> (in plaintext, else why bother?) as that means the stego use is not
> longer plausibly deniable.


I think these two have a lot to do with each other. Sergeys' suggestion 
would definitely make it a tougher to pick out a starting place to 
search for hidden text. However, the message (if it is ever found in the 
file) points to the intended recipient. This defeats the purpose of 
"stealth pgp", (which would probably be used in this case to strip off 
telltale headers and such). 

If you weren't worried about this type of deniability, though, I don't 
see a problem with it.

mt

Matt Thomlinson                               Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: [email protected]      	    phone: (206) 548-9804
PGP 2.2  key available via email or finger [email protected]