[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: really undetectable crypto
> Your assumptions are correct. Applied Cryptography by
> Schneier discusses this method, referring to it as a
> "subliminal channel".
Why am I not surprised. :-)
> Because of the very (VERY) slow transmission times (on
> the order of 1 bit/message), he notes it primarily as a
> secure method of exchanging keys.
I would think you could do better than 1 bit per message. Using just
hashes, I would think you could get at least 4-8 bits per message using a
standard Pentium-class machine. Maybe more, I haven't actually run any
tests to see how long it would take to generate innocent messages that
produces hashes with specific bits in certain positions.
> In his discussion, he also incorporated a bit in the
> signature, thus assuring the communication is
> travelling to the intended recipient unmolested.
I don't see why this is necessary. If the hidden message is encrypted
using a key (or key pair) known only to Alice and Bob, then Walter should
not be able to fool Bob. Walter could disrupt the communications in any
number of ways, but he wouldn't be able to generate innocent messages that
produce hashes that contain bits that combine to form a message encrypted
using a key (or key pair) known only to Alice and Bob.
> However, to be "extremely sublime", your method could be
> incorporated with otherwise signed messages: while the
> signature appearing with your message includes an MD5
> hash, the real "stego bit" is the first bit of an RC4 hash of
> the same file, as computed by an external program on the
> receiver's end.
The above paragraph has given me an idea: You don't need to send hashes
or digital signatures to send hidden encrypted messages. All Alice needs
to send is the carefully constructed plaintext. Bob can generate the
hashes himself, extract the proper bits and attempt to decrypt the hidden
message. If the hidden message does not decrypt, then either the
plaintext was tampered with, it was forged, or not all of the plaintext
That being the case, then I think we have a very simple proof that any
communications channel, even one that allows only unsigned plaintext
messages, can be used to send arbitrary encrypted messages (if a bit
slowly). So much for Clipper.