From: karn@qualcomm.com (Phil Karn)
Date: Wed, 23 Jun 93 01:15:19 PDT
To: J. Michael Diehl <cypherpunks@toad.com
Subject: Re: Weak stenography.
Message-ID: <9306230815.AA25862@qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


One thing keeps bugging me about steganography. Let's say that
"unlicensed cryptography", including the mere possession of ciphertext,
is totally outlawed. You may well be able to bury encrypted data in all
sorts of things (gif files, digital audio, "free" blocks on a hard disk,
etc). But if you ever want to be able to retrieve it, you have to leave
yourself an Achilles Heel: somewhere you need to keep a computer
program, in plaintext, that you can execute to extract and decrypt the
hidden ciphertext.

You may be able to get away with claiming that the low order bits of
your Doors tapes really *are* meaningless random bits picked up when you
dubbed all your worn-out LPs to DAT, but if they find "readdat.exe" on
your PC, disassemble it and discover that it's a program to extract and
decrypt ciphertext from DAT tapes, you're in trouble. And if you encrypt
your copy of "readdat.exe", well, you now need a plaintext decryption
program to decrypt THAT.

Short of devising a scheme that's so simple that you don't mind recoding
it from scratch (and from memory) every time you want to extract and
decrypt something, what can be done?

Phil