From: hughes@ah.com (Eric Hughes)
Date: Fri, 4 Mar 94 07:48:21 PST
To: cypherpunks@toad.com
Subject: Standard for Stenography?
In-Reply-To: <9403040154.AA16047@hot.ee.lbl.gov>
Message-ID: <9403041538.AA03626@ah.com>
MIME-Version: 1.0
Content-Type: text/plain


>Eli makes a reasonable case for leaving out the length field
>altogether.  The desteg program would produce a file of width*height
>bits, and it would be up to the next layer to produce text from that.
>However, I'm not sure it's a *compelling* case.  

A steganography program that uses a shared permutation and bit
selection schedule on each end is really a symmetric key cipher with
data expansion.

And because it is a cipher, it is subject to the ITAR.

Adding noise intermixed with a signal is a perfectly good way of doing
full scale cryptography, it's just that folks these days tend to
prefer methods that don't have bandwidth explosion.  In fact,
bandwidth expansion is only of the few ciphers that has provable
information theoretic properties, mostly because the method is simple
enough for the basic results of information theory to apply.  Hiding
encrypted text, which already has high entropy over various word
partitions, with an arbitrary embedding in random bits does provably
increase the security of the cipher.

I would urge Jef to write the code and then submit a Commodities
Jurisdiction request to see if the code is exportable.

Eric