From: Chuck Lever <cel@citi.umich.edu>
Date: Wed, 23 Jun 93 12:16:10 PDT
To: cypherpunks@toad.com
Subject: Re: weak stenography and hiding readdat.exe
In-Reply-To: <9306231831.AA04870@bailey.cpac.washington.edu>
Message-ID: <9306231916.AA05582@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



Scott Northrop <skyhawk@cpac.washington.edu> writes:

<  The simplest effective way I know of to hide an executable (such as
<  readdat.exe) is to have it masquerade as another program, preferably one that
<  is complex enough to justify its size.  (You couldn't hide PGP in cat, but you
<  could hide it in Mathematica.)  You'd want the original program to be something
<  you compile yourself, like some large X program, or gcc, or emacs.  (You can
<  hide *anything* in emacs.  In fact, you can make pgp a hidden *primitive* in
<  emacs.  Hmmmmmm...  Or Perl.  Hmmmmmmm.....)  That way you don't have a file
<  that differs noticably from your OS release (they might check sizes and
<  checksums), and you don't want to bother with patching a binary anyway.

   these are interesting ideas.  but it seems to me you can't beat just using
   a pre-existing popular application for steganography.  in other words, choose
   an algorithm which doesn't require you to create a new program to do the job.