1994-06-20 - Re: Andy Grove on Clipper

Header Data

From: Stuart Smith <cipher@nemesis.wimsey.com>
To: cypherpunks@toad.com
Message Hash: 2243433f650e640f1e3eb8c97043f4813948602bd05932d1ef34fdd86da92ded
Message ID: <2e05f20b.nemesis@nemesis.wimsey.com>
Reply To: <m0qFcpz-0004EbC@khijol.uucp>
UTC Datetime: 1994-06-20 20:11:43 UTC
Raw Date: Mon, 20 Jun 94 13:11:43 PDT

Raw message

From: Stuart Smith <cipher@nemesis.wimsey.com>
Date: Mon, 20 Jun 94 13:11:43 PDT
To: cypherpunks@toad.com
Subject: Re: Andy Grove on Clipper
In-Reply-To: <m0qFcpz-0004EbC@khijol.uucp>
Message-ID: <2e05f20b.nemesis@nemesis.wimsey.com>
MIME-Version: 1.0
Content-Type: text/plain


> > Not if you use Stealth for PGP which I released a few months ago after
> > persuading "Henry Hastur" to write it. They can't *tell* it' non-compliant
> > crypto. Sophisticated steganography is now needed however, since most noise in
> > the digital domain is not white noise, like a Stealth PGP message would be (or
> > at least different than normal digital noise). But even more so is needed nice
> > Mac and Windows interfaces for the system that you can send to a friend, on a
> > floppy. I suggest a voice mail utility. Then a critical mass is not even
> > needed (security through obscurity). Remember, "Encryption always wins." They
> > can't outlaw noise.
> 
> True, but I think that the <insert name of your favorite spook agency here>
> would have it's hands on any method almost as soon as it hits the streets.
> I'd be interested in getting a copy to play with, but I'm curious - the methods
> to validate that you have a proper message have to be there, anyway, and that
> would seem to be your undoing.  If you have to validate it, it can be scanned
> for -- that's how they find viruses these days, too.  Does your method take
> that into consideration?  I could imagine a future where, like viruses, crypto
> used "adaptive crypto" or "adaptive signatures" to hide itself from detection...

Well, I've played with stealth briefly, along with a few other
interesting utilities, and it does look good.  i.e. there is no
way to validate proper messages.  If you feed
noise/junk/whatever into stealth, it will give you a pgp encoded
message back.  Every picture posted to alt.binaries.pictures.*
could be run through stealth and a pgp file would result.  Find
which ones *really* were pgp files to begin with.. good luck..

What we have to worry about is making sure there is no way to
identify the data that pgp puts out itself.  That is, the
encrypted data and the encrypted IDEA key.  If I gave you random
samples of noise and told you that one of them was an IDEA key
encrypted by an RSA key, you shouldn't be able to pick it out.

-- 
 Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
        E7 E3 90 7E 16 2E F3 45   *   28 24 2E C6 03 02 37 5C 
   Stuart Smith                           <stu@nemesis.wimsey.com>





Thread