1993-06-17 - Weak steganography

Header Data

From: nobody@soda.berkeley.edu
To: cypherpunks@toad.com
Message Hash: 5bff5a06077019d6e7d2131048e0782d726fbf6044710fc30968a784be966986
Message ID: <9306171745.AA05015@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1993-06-17 17:49:12 UTC
Raw Date: Thu, 17 Jun 93 10:49:12 PDT

Raw message

From: nobody@soda.berkeley.edu
Date: Thu, 17 Jun 93 10:49:12 PDT
To: cypherpunks@toad.com
Subject: Weak steganography
Message-ID: <9306171745.AA05015@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Responding to Mike Diehl's ideas about weak steganography: (Speaking of
which, did anyone notice that there weren't any stegosaurs in Jurassic
Park?  Just another sign of the government crackdown on crypto?)

There are a couple of problems with the idea of sticking encrypted
files onto the end of executable files.  The first is, to make this
easy, you need a program to do it (and to "undo" it).  Well, if someone
steals your computer and gets access to these files, they will probably
also get access to this program.  This will tip them off to what you have
done.

This is an example of the general principle that you need to assume that
your attackers know or can discover the methods you are using, but they
don't know the keys.

Another problem is that encrypted files look different from executable
files.  Encrypted files have a uniform histogram (that is, all 256 different
possible byte values are equally frequent), but exe files do not.  The
appending of an encrypted file to an executable file will be very obvious.
The exact boundary may not be immediately apparent, but it can probably
be narrowed down to ten or twenty words without much effort at all.  In
any case, exe files which have had this treatment will stick out like a
sore thumb.

Last, XOR'ing a PGP file with a repeated string is probably not a very
good method.  PGP has a header at the front whose structure is known and
which has some fixed bytes.  These can be used to immediately recover some
letters of your string.  Given that the string is mnemonic (memorable) it
may be possible to guess more of it.  Again, this is basically effortless
and it narrows down the search space considerably before they even start
to try to break it.

Of course, even if they recover the original PGP file they would then need
your pass phrase to decrypt it.  If you are assuming that they already had
that then they didn't need to go through the rigamarole of deducing the
repeated string which cloaked the PGP file; once they found an executable
with a uniform histogram at the end, along with your program which creates
such files, that should be enough evidence to force you to reveal the string
just as you were forced to reveal your pass phrase.

In sum, I don't think this approach will help much.

Hal Finney
74076.1041@compuserve.com

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLCBm8agTA69YIUw3AQFbMAQAqsZE3Zs3oC1RcTqZ+yGDv0uf0avWUI9N
l7Lr+XlOxryu7m7zo7S2knZIjUMa6a0v0EolnpPw/tK0SUkqGwOBrdfkn8BNPIM6
uZe9kzhJJYbc+w+TQqPB8PoVc3ZQ78OAOwyvhdu28KwG6kXLO4mCiX9n6faIDK1I
3G4Ez8v+6Xg=
=F8de
-----END PGP SIGNATURE-----





Thread