1993-01-05 - Re: purloined letter

Header Data

From: karn@qualcomm.com (Phil Karn)
To: pbreton@cs.umb.edu
Message Hash: d20458cf0f1e130e4281b3b8b09ffc2c9b4abcdf2661786dfffb606743ccc6bf
Message ID: <9301051802.AA17738@servo>
Reply To: N/A
UTC Datetime: 1993-01-05 18:03:47 UTC
Raw Date: Tue, 5 Jan 93 10:03:47 PST

Raw message

From: karn@qualcomm.com (Phil Karn)
Date: Tue, 5 Jan 93 10:03:47 PST
To: pbreton@cs.umb.edu
Subject: Re: purloined letter
Message-ID: <9301051802.AA17738@servo>
MIME-Version: 1.0
Content-Type: text/plain


A couple of years ago somebody posted some clever programs to
sci.crypt that hid arbitrary (cipher)text in seemingly innocuous
"plaintext". You had two options: plaintext that looked like a running
commentary on a baseball game (with the ciphertext encoded in the
choices of names of players at bat, the sequence of balls and strikes,
etc) or plaintext that looked like the writings of a particular legal
scholar (I think). I don't remember his name, but he was chosen
because Senator Joseph Biden of Delaware plagairized his works during
law school, and Biden had recently introduced S.266 with the
now-infamous "resolution" against cryptography. A nice touch. :-)

Another approach to this problem is this: if you can't make the
needles inconspicuous by themselves, generate some big haystacks to
hide them in.  I.e., write a program that produces bogus PGP
"messages" and execute it frequently to produce background traffic. I
wrote a first-order bogus PGP message generator and posted it to
sci.crypt two weeks ago.  I say "first order" because it looks like a
PGP message to the naked eye, but is clearly invalid when fed to PGP -
I didn't bother generating correct checksums on the ciphertext.  The
ideal bogus message generator would produce a message
indistinguishable from a real PGP message encrypted with an unknown
public key, or perhaps with a known public key chosen at random. 
Anybody want to write this?

Phil





Thread