1993-06-23 - Re: Weak stenography.
Header Data
From: tcmay@netcom.com (Timothy C. May)
To: karn@qualcomm.com (Phil Karn)
Message Hash: c8e84005a7e33bcb5f2f7ba0c103a1200f1e4ef4635750dd59ca86175a22fff3
Message ID: <9306230844.AA27879@netcom3.netcom.com>
Reply To: <9306230815.AA25862@qualcomm.com>
UTC Datetime: 1993-06-23 08:43:48 UTC
Raw Date: Wed, 23 Jun 93 01:43:48 PDT
Raw message
From: tcmay@netcom.com (Timothy C. May)
Date: Wed, 23 Jun 93 01:43:48 PDT
To: karn@qualcomm.com (Phil Karn)
Subject: Re: Weak stenography.
In-Reply-To: <9306230815.AA25862@qualcomm.com>
Message-ID: <9306230844.AA27879@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
Phil Karn writes:
...
> etc). But if you ever want to be able to retrieve it, you have to leave
> yourself an Achilles Heel: somewhere you need to keep a computer
> program, in plaintext, that you can execute to extract and decrypt the
> hidden ciphertext.
>
> You may be able to get away with claiming that the low order bits of
> your Doors tapes really *are* meaningless random bits picked up when you
> dubbed all your worn-out LPs to DAT, but if they find "readdat.exe" on
> your PC, disassemble it and discover that it's a program to extract and
> decrypt ciphertext from DAT tapes, you're in trouble. And if you encrypt
> your copy of "readdat.exe", well, you now need a plaintext decryption
> program to decrypt THAT.
>
> Short of devising a scheme that's so simple that you don't mind recoding
> it from scratch (and from memory) every time you want to extract and
> decrypt something, what can be done?
Some solutions:
1. Make programs like "readdat.exe" ubiquitous...distribute them on
shareware disks, CD-ROMs, etc. Thus, many households and offices will
have "readdat.exe"-like programs, whether they use them or not. Mere
possession of such a program will thus not be unusual or
suspicion-provoking. (This is of course one of the strategies in
making PGP and related programs ubiquitous.)
(Note that the storage of the _key_ is another matter, and is a
problem with most crypto schemes. For data stored in low-order bits on
a DAT, and retrievable with "readdat.exe," a pass-phrase of sufficient
length can be used.)
2. The bit-reading program "readdat.exe" can be stored remotely,
perhaps at an ftp site, so the user can retrieve it only when he needs
to use it, then flush it.
(I favor the "ubiquitous" route, as frequent retrievals make
themselves known in other ways....and may even draw attention to a
user in the first place.)
-Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.
Thread
Return to June 1993
- Return to “eichin@cygnus.com (Mark Eichin)”
- Return to “karn@qualcomm.com (Phil Karn)”
- Return to “szabo@techbook.com (Nick Szabo)”
Return to “tcmay@netcom.com (Timothy C. May)”
- 1993-06-23 (Wed, 23 Jun 93 01:15:19 PDT) - Re: Weak stenography. - karn@qualcomm.com (Phil Karn)
- 1993-06-23 (Wed, 23 Jun 93 01:43:48 PDT) - Re: Weak stenography. - tcmay@netcom.com (Timothy C. May)
- 1993-06-23 (Wed, 23 Jun 93 07:06:19 PDT) - re: Weak stenography. - eichin@cygnus.com (Mark Eichin)
- 1993-06-23 (Wed, 23 Jun 93 05:59:46 PDT) - Re: Weak stenography. - szabo@techbook.com (Nick Szabo)
- 1993-06-23 (Wed, 23 Jun 93 01:43:48 PDT) - Re: Weak stenography. - tcmay@netcom.com (Timothy C. May)