[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Stego Standards Silly ? (

To: [email protected], [email protected]
Subject: Stego Standards Silly ? (
From: [email protected] (MONTY HARDER)
Date: Sun, 16 Jul 95 09:28:00 -0500
Organization: The First Amendment BBS
Reply-To: [email protected] (MONTY HARDER)
Sender: [email protected]

LM> The standard answer to agent-in-the-middle tampering is of
LM> course digital signatures. Now, the question is, will we be allowed to sign
LM> our possibly-stego-enclosing GIFs with reasonable confidence that the govt.
LM> can't forge our signatures ? Obviously the signature itself can't be
LM> stegoed, or else we fall into an infinite regress.

  Not obvious at all. You encrypt and sign as usual, stego the resultant
output, and perhaps include in the stego routines some kind of CRC or
hash if you like. But the point is that the signature still works to
indicate whether the message was tampered with or not.

  If we posit a MITM, he can tamper with cyphertext =or= stegotext, but
he can't defeat the signature. I would recieve a GIF which my stego
software would turn into a file that PGP would puke on, telling me that
Someone Is Messing With My Mail.

  I would not, of course, be able to reveal this fact directly. However,
I could ask my correspondent to re-send the GIF, and when it comes out
different in EVERY SINGLE LSB, I have proof of tampering.

 * Support legislation for a waiting period on taglines.......
---
 * [email protected] *

Follow-Ups:
- Re: Stego Standards Silly ? (
  - From: [email protected] (L. McCarthy)

Prev by Date: G0D_dim
Next by Date: DOJ Press Release, S. 974?
Prev by thread: G0D_dim
Next by thread: Re: Stego Standards Silly ? (
Index(es):
- Date
- Thread