[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: [email protected]*Subject*: really undetectable crypto*From*: [email protected] (Jim Miller)*Date*: Thu, 12 Sep 96 19:26:56 -0700*Reply-To*: [email protected]*Sender*: [email protected]

Most everybody on the list is familiar with the technique of hiding encrypted messages in the LSBs of image files. Personally, I would not use such a technique because don't I believe it's really undetectable. I assume, without proof, that the LSBs of images files have statistical properties that are sufficiently different from encrypted data that a clever person could determine whether or not an image file contained an imbedded encrypted message. Fortunately, there are other steganographic techniques that, I believe, are undetectable. The trick is to hide your encrypted bits in other encrypted bits. trick #1) Let's say you want to send a short encrypted message via a communications channel that only allows cleartext messages with optional MD5 message hashes. You can construct cleartext messages, via trial-and-error, such that the first 4 or 8 bits (or more, if you have the time) of the MD5 hash match the first 4 or 8 bits of your encrypted message. You can pre-compute all the required cleartext messages in advance, and then send them one after another. The recipient of the cleartext messages can reconstruct the encrypted message by gathering together the first 4 or 8 bits of each MD5 hash. Since the bits in an MD5 message hash are presumably cryptographically random, there should be no way to tell if some of the bits combine to make an encrypted message. trick #2) Let's say you are allowed to use 40 bit encryption, but nothing stronger. As in trick #1, you can pre-compute plaintext messages such that the first 4 or 8 of the bits in the output of the government-approved 40 bit encrypted data match the first 4 or 8 bits of your hidden encrypted message. trick #n) see above. Any communications channel that allows you to send *any* bits that are cyptographically random can be used to send arbitrary encrypted messages. [email protected] P.S. The pre-computed plaintext messages don't have to be garbage messages. You can probably make an innocent-looking message produce the desired bits by adding extra whitespace or typos.

- Prev by Date:
**Re: Jury Nullification = Voting One's Conscience** - Next by Date:
**Re: Fed appellate judge remarks re anonymity, free speech on the net** - Prev by thread:
**Re: "Remailers can't afford to be choosy"** - Next by thread:
**Re: really undetectable crypto** - Index(es):