1993-06-24 - Re: Weak steganography

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: cypherpunks@toad.com
Message Hash: 6fa6d97b1bd5c9872f26f59f991db30436c3840531b016a2c752dfea4e759919
Message ID: <9306241918.AA26021@toxicwaste.MEDIA.MIT.EDU>
Reply To: <9306241622.AA11117@toad.com>
UTC Datetime: 1993-06-24 19:18:42 UTC
Raw Date: Thu, 24 Jun 93 12:18:42 PDT

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 24 Jun 93 12:18:42 PDT
To: cypherpunks@toad.com
Subject: Re: Weak steganography
In-Reply-To: <9306241622.AA11117@toad.com>
Message-ID: <9306241918.AA26021@toxicwaste.MEDIA.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Hal said:

> Unfortunately, this doesn't presently work with PGP.  PGP puts a
> header at the front of encrypted file which identifies it as a PGP
> file.  This includes information about whether the file is RSA or IDEA
> encrypted, and if it is RSA encrypted it includes information about
> which key(s) it is encrypted with.

First, this is only true when the file is ASCII armored.  You can
easily convert the file from armor to binary once you receive it and
then keep it in binary form.  Second, if the file is encrypted, it
only contains the KeyID(s) of the recipient(s) in plain text, not the
sender.

> RSA encryption headers will be harder to remove, particularly because of
> the lack of a key ID to tell which secret key to decrypt with.  We would
> just try the default key, I guess.  But this would require a more extensive
> set of changes to PGP.

This is not necessrily true.  I've been thinking of a way to try this.
Don't forget, you only have a limited number of secret keys to try, so
you try them all.  How many keys could you have?  10, maybe?  At most?
I, personally, only have one secret key.  I could try it, and if it
fails, I know I couldn't read the file....

Basically, Hal, you are stretching the "problem" further than it needs
to go, IMHO.  Relax a little and take a look at what you have at your
fingertips.  :-)

-derek






Thread