[19734] in cryptography@c2.net mail archive
Re: NSA explains how to redact documents electronically
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Jan 25 12:29:53 2006
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: John Levine <johnl@iecc.com>
Cc: cryptography@metzdowd.com
In-Reply-To: (Your message of "25 Jan 2006 03:02:47 GMT.")
<20060125030247.93612.qmail@simone.iecc.com>
Date: Wed, 25 Jan 2006 01:53:24 -0500

In message <20060125030247.93612.qmail@simone.iecc.com>, John Levine writes:
>>http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf
>>
>>One wonders how long it will be till someone finds an error...
>
>Even if it's right, it's so complicated that it seems rather
>optimistic to expect people to follow it correctly every time.

I agree. It's also very dependent on the exact options that Microsoft
and Adobe have currently implemented. Minor changes could screw this
up completely.

>
>I don't claim to be a big security guru, but if I were planning to
>distribute a redacted PDF document, I'd render it to a bitmap, then
>turn the bitmap back into a PDF and ship that, a digital version of
>printing it out and scanning it back in. On Unixish systems, one can
>do that in about five minutes with freeware tools like ghostscript and
>xpdf.

That's more or less what they did when they declassified Skipjack,
though they may have used a real printer and scanner instead. Some
people laughed at NSA's technical ineptitude -- didn't they know how to
print to PDF directly? Others realized that NSA understood the problem
at a much deeper level.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
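
The render-to-bitmap approach discussed in the message above can be checked before a document is released. The following pre-release check is an added example, not part of the original message or the NSA guidance: it scans a PDF's content streams for text-showing operators and reports what text is still present. The function names, the sample text and the two PDF fragments are constructed for illustration.

```python
import re
import zlib

TEXT_OBJECT = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)   # BT ... ET text objects
SHOW_OP = re.compile(                                   # operand of Tj, TJ, ' or "
    rb"(\((?:\\.|[^\\()])*\)|<[0-9A-Fa-f\s]*>|\[[^\]]*\])\s*(?:Tj|TJ|'|\")")

def residual_text(pdf: bytes) -> list:
    """Return operands of text-showing operators left in a PDF's streams.

    Fails closed: a stream that cannot be decoded is reported, not skipped.
    Assumption of this sketch: only unfiltered and FlateDecode streams are
    decoded; object streams, encryption and metadata are out of scope.
    """
    findings = []
    for m in re.finditer(rb"(?<!end)stream\r?\n", pdf):
        head = pdf[pdf.rfind(b"obj", 0, m.start()):m.start()]  # stream dictionary
        body = pdf[m.end():pdf.find(b"endstream", m.end())]
        if b"/Subtype /Image" in head:
            continue                       # pixel data, not drawing operators
        if b"/Filter" in head:
            if b"/FlateDecode" not in head:
                findings.append(b"<undecoded stream>")
                continue
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                findings.append(b"<undecoded stream>")
                continue
        for text_obj in TEXT_OBJECT.findall(body):
            findings += [s.group(1) for s in SHOW_OP.finditer(text_obj)]
    return findings

def stream_obj(n: int, dictionary: bytes, body: bytes) -> bytes:
    """Build one constructed PDF stream object (sample data only)."""
    return b"%d 0 obj\n<< %s /Length %d >>\nstream\n%s\nendstream\nendobj\n" % (
        n, dictionary, len(body), body)

# Constructed sample 1: text "redacted" by painting a black rectangle over it.
PAGE_OPS = b"BT /F1 12 Tf 72 708 Td (witness: J. Doe) Tj ET\n0 g 70 704 120 14 re f"
OVERLAY_PDF = b"%PDF-1.4\n" + stream_obj(4, b"/Filter /FlateDecode",
                                         zlib.compress(PAGE_OPS))

# Constructed sample 2: the same page as a single bitmap, as after rasterizing.
IMAGE_DICT = (b"/Type /XObject /Subtype /Image /Width 2 /Height 2 "
              b"/ColorSpace /DeviceGray /BitsPerComponent 8")
RASTER_PDF = (b"%PDF-1.4\n" + stream_obj(4, b"", b"q 612 0 0 792 0 0 cm /Im0 Do Q")
              + stream_obj(5, IMAGE_DICT, b"\x00\xff\xff\x00"))

if __name__ == "__main__":
    print("overlay:", residual_text(OVERLAY_PDF))
    print("raster: ", residual_text(RASTER_PDF))
```

The overlay sample still carries its text under the rectangle, while the bitmap-only sample has no text operators for a reader to extract.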