1994-08-01 - Re: What kind of encryption to incorporate?

Header Data

From: Andrew Brown <a.brown@nexor.co.uk>
To: Adam Shostack <adam@bwh.harvard.edu>
Message Hash: d6e34853a1f695b2a599c5559a90ca4e7836b6d2de6e09fea569dad70e890251
Message ID: <Pine.3.89.9408011055.A27305-0100000@vulcan.nexor.co.uk>
Reply To: <199407291656.MAA03632@freud.bwh.harvard.edu>
UTC Datetime: 1994-08-01 09:11:52 UTC
Raw Date: Mon, 1 Aug 94 02:11:52 PDT

Raw message

From: Andrew Brown <a.brown@nexor.co.uk>
Date: Mon, 1 Aug 94 02:11:52 PDT
To: Adam Shostack <adam@bwh.harvard.edu>
Subject: Re: What kind of encryption to incorporate?
In-Reply-To: <199407291656.MAA03632@freud.bwh.harvard.edu>
Message-ID: <Pine.3.89.9408011055.A27305-0100000@vulcan.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 29 Jul 1994, Adam Shostack wrote:

> A filename and length give away the fact that something is
> hidden.  If you only hide encrypted data, and no plaintext of any
> sort, then the file can not be automatically detected; it can ony be
> seen by someone who can decrypt it.

... well almost.  It's trivial to write a program that extracts the LSB's 
from a GIF file and then determine their randomness.  Truly random data 
gives away the presence of an encrypted file. The solution is to choose 
the LSB's that you alter according to the output from a decent random 
number generator so that each LSB has a probability of being altered.

- Andy






Thread