1993-03-11 - Re: Hidden encrypted messages

Header Data

From: ghoast@gnu.ai.mit.edu
To: cypherpunks@toad.com
Message Hash: f635cca9e7edfdba6688ca0c1a7a4a7c3383b4f8c50174981e4c53281b20193e
Message ID: <9303110713.AA14022@hal.gnu.ai.mit.edu>
Reply To: N/A
UTC Datetime: 1993-03-11 07:14:55 UTC
Raw Date: Wed, 10 Mar 93 23:14:55 PST

Raw message

From: ghoast@gnu.ai.mit.edu
Date: Wed, 10 Mar 93 23:14:55 PST
To: cypherpunks@toad.com
Subject: Re:  Hidden encrypted messages
Message-ID: <9303110713.AA14022@hal.gnu.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain

>    What about encoding a message by chnging spacing between the words?
> It is surely not the most compact method, but one might be able to transmit
> a pretty long message hidden in the text of "Alice in Wonderland" that
> would still be neatly formatted and *word-to-word* indistinguishable from
> the original.
>  Alex.
  Of course, if someone knew what they were looking for, it "would be trivial"
to set up some sort of filter to find this type of message (in this case, one
with a great number of spaces).  This assumes unnoticability due to lack of
knowledge, which is the current thought process being applied to computer
security.  It's a very falible one, as many companies have found.  If you
assume whatever kind of filter you may be dealing with will be a program
(and not a person) looking for a certain frequency of special characters, or
just a range in which >90% of your characters fall (like do you use many more
alphanumerics than *&&*^%$#'s?) then you could just have every fifth letter 
in your _Alice_ transmission be a character of your encrypted message..
  On the other hand, in dealing with that kind of program, I'm sure you could
write some program that would represent non-alphanumerics with a recognizable
code of alphanumerics which wouldn't be normally generated by the encryptor
(and failing that, just convert the entire piece to hex or something..).

Hmm, in writing this it seems to me that hiding a encrypted file in a way that
would evade anything drempt up to distiguish it from text is a lot more 
difficult than just calling it something else:  "Umm, yeah Mr. NSA, that was
a sound file of the pgp sound format!  ..right."  (or that noise suggestion too)

ghoast@gnu.ai.mit.edu   (Devin Jones)