[6479] in cryptography@c2.net mail archive
Re: The problem with Steganography
daemon@ATHENA.MIT.EDU (Russell Nelson)
Tue Jan 25 15:25:26 2000
From: Russell Nelson <nelson@crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Tue, 25 Jan 2000 15:20:17 -0500 (EST)
To: cryptography@c2.net
In-Reply-To: <20000125192007.3199.qmail@nym.alias.net>
Message-ID: <14478.447.803366.827200@desk.crynwr.com>
lcs Mixmaster Remailer writes:
> > The problem with Steganography is that there's basically no way to
> > clue people in to it's location without clueing everyone into it.
>
> Encryption is successful if the attacker can't find information about the
> plaintext without the key. Ideally, he can't answer questions about the
> plaintext any better with access to the ciphertext than without.
I'm trying to do forward stego -- that is, publish some encrypted
steganographic document, with the idea that, once everyone has a copy,
*then* you reveal the key. Problem is, how do you convince them to
keep a copy of that document if they're unaware that it has something
buried inside it??
In this particular case, there is no crypto -- it's completely
security-by-obscurity. I've published the burial algorithm, or at
least sent it to the maintainer of the software. Haven't written the
retrieval algorithm yet, so in a sense the "key" is still secret. But
only 33 people sucked down a copy.
Maybe I should have buried it inside a pornographic picture? :)
--
-russ nelson <sig@russnelson.com> http://russnelson.com
Crynwr sells support for free software | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
