From: Nesta Stubbs <root@nesta.pr.mcs.net>
Date: Thu, 12 Jan 95 07:26:24 PST
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: How do I know if its encrypted?
In-Reply-To: <199501120540.VAA11357@ix3.ix.netcom.com>
Message-ID: <Pine.3.89.9501120934.B24527-0100000@nesta.pr.mcs.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Jan 1995, Dale Harrison wrote:
> >
> >A practical system would cut out a notch at 6/8 for ASCII armor, which
> >would make approximation techniques a bit tricky.  More practical is
> >just to detect ASCII armor with a regular expression recognizer and
> >de-armor it before the entropy check.
> >
> >Eric
> >
> >
> Won't work!  You can always embed an encrypted message in what 'looks' 
> like plaintext.  A trivial example: Encrypt a message with a caesar 
> cypher, then build a story where the first char of each word maps to 
> each subsequent char from the encrypted text.  At the cost of expanding 
> the size of the message by a factor of 5 to 10 you've hidden the 
> encrypted message in what looks like a letter to your mother (or a news 
> story in the NY Times, etc.)  This is old technique.
> 
> Dale H.

But Dale, hat doesn't matter much.  the user is then going otu of his way 
tpo get rejected.  The data haven would be knwon to it's users to require 
encrypted text, and a user who did the scheme you outline above would 
only be succeding in getting himself rejected.  I mean it's nothe 
operators fault he decided to be snazzy and put iit in plaintext when it 
was known to be required to be encrypted, as in knowingly encrypted.