1993-03-11 - Re: Hidden encrypted messages

Header Data

From: derek@cs.wisc.edu (Derek Zahn)
To: ghoast@gnu.ai.mit.edu
Message Hash: 4c91b0c4863d868273ac49b21d8919f54173b74367f0ca28e50f2352e964c803
Message ID: <9303111501.AA26622@lynx.cs.wisc.edu>
Reply To: <9303110713.AA14022@hal.gnu.ai.mit.edu>
UTC Datetime: 1993-03-11 15:02:43 UTC
Raw Date: Thu, 11 Mar 93 07:02:43 PST

Raw message

From: derek@cs.wisc.edu (Derek Zahn)
Date: Thu, 11 Mar 93 07:02:43 PST
To: ghoast@gnu.ai.mit.edu
Subject: Re:  Hidden encrypted messages
In-Reply-To: <9303110713.AA14022@hal.gnu.ai.mit.edu>
Message-ID: <9303111501.AA26622@lynx.cs.wisc.edu>
MIME-Version: 1.0
Content-Type: text/plain

Devin Jones responds to Alex:

> Hmm, in writing this it seems to me that hiding a encrypted file in a way that
> would evade anything drempt up to distiguish it from text is a lot more 
> difficult than just calling it something else:  "Umm, yeah Mr. NSA, that was
> a sound file of the pgp sound format!  ..right."

Alex's (good) idea about using creative spacing to hide an encrypted message
is similar to that what I'd originally proposed (and of course it has to
be hiding an *encrypted* message!).  I've gotten a number of responses
of the form "Why not just claim that an encrypted message is data?",
but my original point was Plausible Deniability.  That is, I was
postulating an environment in which Big Brother has outlawed cryptography.
Now, confronted with a confiscated message, the sender has to defend
himself from the Inquisition.  Can't just claim it's a sound file;
the Inquisitor will want it played.  The question I'm trying to answer
is how to produce on demand a causal explanation of data (which actually
contains an encrypted message) that satisfies an investigator and
doesn't reveal the encrypted message.  Some simple scheme like, "Uh,
it's the result of my new random number generation algorithm" isn't
likely to be *satisfying* and is certain to produce the response,
"OK, let's see the algorithm."

don't bother running sophisticated analyses of the above message (oops,
I suppose that's a suspicious thing to say)