1994-02-25 - Re: Stealth PGP and Stegonagraphy (Summary)

Header Data

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: sergey@delbruck.pharm.sunysb.edu
Message Hash: 1c806d73d32b3be6764800124ec210e327c20d44a708847485c914e4f127b0f8
Message ID: <9402250059.AA14052@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1994-02-25 01:00:29 UTC
Raw Date: Thu, 24 Feb 94 17:00:29 PST

Raw message

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 24 Feb 94 17:00:29 PST
To: sergey@delbruck.pharm.sunysb.edu
Subject: Re:  Stealth PGP and Stegonagraphy (Summary)
Message-ID: <9402250059.AA14052@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Hiding the file in deleted sectors on the disk has a number of problems.
1) It's highly non-portable.
2) If the Bad Guys are looking for contraband files, either they're competent
   or they're not.  If they're competent, they'll certainly notice your 
   weird drivers and TSRs holding the disk stuff around.
   Your virus-checking software may notice it also :-)
3) If the Bad Guys aren't competent enough, you can get by either hiding
   the file under an innocuous name (e.g. boring.dat), or you can go
   a bit farther by using mimic functions or other steganographic techniques
   to make the file really look like something boring.

4) If the Bad Guys are competent, and they suspect you, they may try
   using Norton UnErase or similar commands to recover the stuff anyway.

Fractals are a good place to hide stuff, since random-looking low-order bits
could come from steganography, or could just be from the fractal itself;
it's really hard to tell since it's tough to regenerate unless you know the
precise starting parameters and machine behavior.  You could probably hide
4 bits per byte without major visibility instead of the 1 bit/byte you
typically can get away with in normal gifs.

More important is making sure your encryption program doesn't have
incriminating stuff visible in it, such as "BEGIN PGP STUFF" character
strings in the object code....

	Bill
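
Added example, not part of the original message: a sketch of why an examiner's low-order-bit statistic separates a clean cover from a modified one only when the cover's low bits were not already random-looking, which is the point made above about fractals. The cover data, the payload, the 4-bits-per-byte setting and the "fraction of 1 bits" statistic are all assumptions constructed for illustration.

```python
import random

def embed(cover: bytes, payload: bytes, k: int) -> bytes:
    """Overwrite the k low-order bits of each cover byte with payload bits."""
    bits = "".join(f"{b:08b}" for b in payload)
    if len(bits) > k * len(cover):
        raise ValueError("payload exceeds capacity of k bits per cover byte")
    bits += "0" * (-len(bits) % k)          # pad to a whole number of k-bit groups
    keep = 0xFF & ~((1 << k) - 1)           # mask that preserves the high bits
    out = bytearray(cover)
    for i in range(0, len(bits), k):
        out[i // k] = (out[i // k] & keep) | int(bits[i:i + k], 2)
    return bytes(out)

def extract(stego: bytes, nbytes: int, k: int) -> bytes:
    """Read nbytes back out of the k low-order bits."""
    mask = (1 << k) - 1
    bits = "".join(f"{b & mask:0{k}b}" for b in stego)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, nbytes * 8, 8))

def low_bit_ones(data: bytes, k: int) -> float:
    """Fraction of 1s among the k low-order bits: the examiner's statistic."""
    mask = (1 << k) - 1
    return sum(bin(b & mask).count("1") for b in data) / (k * len(data))

def shift(cover: bytes, payload: bytes, k: int) -> float:
    """How far embedding moves the statistic away from the clean cover."""
    return abs(low_bit_ones(embed(cover, payload, k), k) - low_bit_ones(cover, k))

# Constructed sample data (seeded, so results are reproducible).
rng = random.Random(1994)
N, K = 4096, 4
PAYLOAD = bytes(rng.getrandbits(8) for _ in range(N * K // 8))  # ciphertext stand-in
SMOOTH = bytes((i // 16 * 16) % 256 for i in range(N))          # low 4 bits all zero
NOISY = bytes(rng.getrandbits(8) for _ in range(N))             # low bits already random

if __name__ == "__main__":
    for name, cover in (("smooth", SMOOTH), ("noisy", NOISY)):
        print(f"{name}: statistic moves by {shift(cover, PAYLOAD, K):.3f}")
```

On the smooth cover the statistic moves from 0 to roughly one half, which any examiner would flag; on the noisy cover it barely moves, so this particular check gives no signal.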




