1994-02-08 - What’s a “real encryptor”?

Header Data

From: qwerty@netcom.com (Xenon)
To: cypherpunks@toad.com
Message Hash: a0f5d6d7e5e6c8ec5bdf55a90ad0943082ef99f6041ac2341c7022ddc1d11c70
Message ID: <199402080803.AAA16148@mail.netcom.com>
Reply To: N/A
UTC Datetime: 1994-02-08 08:06:34 UTC
Raw Date: Tue, 8 Feb 94 00:06:34 PST

Raw message

From: qwerty@netcom.com (Xenon)
Date: Tue, 8 Feb 94 00:06:34 PST
To: cypherpunks@toad.com
Subject: What's a "real encryptor"?
Message-ID: <199402080803.AAA16148@mail.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I (Nik) got a letter from a mathamatician asking me to clarify what
 I meant  by a "real encryptor". Here is the answer I gave. It is for
the newbies out there, not the serious cryptographer types who know
this already. Warning: one of my Xenon character's last rants will be
arriving shortly. Take it with a grain of salt; it's pretty nasty, and
not meant for those who already understand its message. I'm trying
to drum up some public demand for a "real encryptor", for one thing.
Think of it as propoganda, for it appeals to emotion not logic, and it
is not very fair.

Steganography involves hiding a message in a file. I can use the Mac
program Stego to place say a PGP message into a Mac PICT (just a picture)
file as the least significant bit of each pixel. If it is a 24 bit per
pixel color picture, then you can't even see a difference. If it is 8 bit
color, then you CAN. It looks like digital noise. On off, on off. No
matter. The problem IS, anyone with Stego can extract the file and
immediately see that it is an encrypted PGP message. When PGP encrypts a
file, after compressing it, it includes in the final output all sorts of
extra things like a checksum at the end, and full information given out to
anyone about the name of the key that it was encrypted with. It will
proudly announce, for instance, "This message can only be read by Pr0duct
Cypher. You do not have the secret key required to read it." I don't know
the full details. The PGP documentation mentions some of them, for the
binary format PGP output files. I could send you this if you want.

What I mean by a "real encryptor" is something just like PGP, but minus the
convenience features that get tagged onto the PGP messages. It might be as
simple as stripping them away the PGP convenience procedures. If the output
was simply an encrypted message, and it seems to me PGP could do this, it
should be hard to distinguish it from a random series of bits. Hopefully
nearly impossible! Then you can use steganography for your messages but no
one can tell if what they extracted is a message or not! The least
significant bit of most messages such as sound files is noise anyway. On
off, on off. They can't even tell how big it might be. That is a potential
mega problem with PGP itself not being able to know how big it is though.
You would have to know before hand, or make the picture or sound file BE
the right size, EXACTLY. That's certainly easy for sound files! Just send
voice mail! You could pad the content of the PGP message if you wanted to
hide the actual size of the decrypted message. If you get voice mail from
a stranger saying something vaque, you can check if it contains a PGP
message encypted with your public key.

If PGP outputted such a hard-to-distinguish-from-random data format, it
opens up many different possibilities for sending your messages. Ideally, no
one would be able to tell if it was an encrypted message except by
successfully decrypting it. As it is now, such schemes have to rely on
"encrypting" an already encrypted PGP message to hide the fact that it IS a
PGP message! Many of us just want to be left alone and are tired of having
our files tagged as BEING encrypted. Personally, I suggest using PGP as a
Clipboard utility so I can cut a message out, encrypt it, paste it back in
and save it as a word processor file which I then Macintosh BinHex encode
as text, and e-mail off. Now I'm just sending a BinHexed word processor
file, just like thousands of other Macintosh e-mailers out there every day!
This isn't good enough since it is so easy reverse, by anyof
them ;-), and they are still struggling with just e-mail. PGP is still a
program only used by those why really need it. It may remain that way,
so for those people, having a random data block output would mean they
wont set off alarms and catch the attention of the government, just for
sending a love letter to their mistress ;-).

 -Nik (-=Xenon=-)

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLVb/QgSzG6zrQn1RAQHPRgQAttdvv7y01xE0+8xKOnoODYJ3Xmlw0Wrs
hIlMIGglirxY8Q244EEfjA538QES19jS95+8G5q9p5eEjM6w0apkRKQbyQOxme8j
tfBU+yhhtqTGPUidLdiOWNszn2DvD0hrTVFH15b3yFoB2F1mA1kkjbfmXAm1r7gS
MmJaO0c6ZNE=
=SIQx
-----END PGP SIGNATURE-----

P.S. Were PGP like many programs, able to accept modular "Plug ins" like
say Adobe Photoshop, this "bare" data block output could be an add-on
featue ("feature stripper?") that those who want it would use. Or at least
a separate utility that would strip and restore PGP messages.





Thread