1993-06-23 - Re: Weak stenography.

Header Data

From: szabo@techbook.com (Nick Szabo)
To: karn@qualcomm.com (Phil Karn)
Message Hash: daa94b0c6b27d970297a7e9e404537c9d1542061e14f15c016b13c3d17b3ee47
Message ID: <m0o8USx-000hwRC@techbook.techbook.com>
Reply To: <9306230815.AA25862@qualcomm.com>
UTC Datetime: 1993-06-23 12:59:46 UTC
Raw Date: Wed, 23 Jun 93 05:59:46 PDT

Raw message

From: szabo@techbook.com (Nick Szabo)
Date: Wed, 23 Jun 93 05:59:46 PDT
To: karn@qualcomm.com (Phil Karn)
Subject: Re: Weak stenography.
In-Reply-To: <9306230815.AA25862@qualcomm.com>
Message-ID: <m0o8USx-000hwRC@techbook.techbook.com>
MIME-Version: 1.0
Content-Type: text/plain



Phil Karn:
> if they find "readdat.exe" on
> your PC, disassemble it and discover that it's a program to extract and
> decrypt ciphertext from DAT tapes, you're in trouble. And if you encrypt
> your copy of "readdat.exe", well, you now need a plaintext decryption
> program to decrypt THAT.

Perhaps some hacks (ab)used by virus writers might be useful here.
We might hide "readdat.exe" inside a larger "innocuous.exe" and
scramble it with the "mutation engine", which creates a unique signature 
for each copy of readdat.exe's code (including the engine itself, which
bootstraps from a very short common code sequence).  The result 
is they have no signature to search for, even if they already have 
a copy of "readdat.exe" and the mutation engine.

Nick Szabo				szabo@techbook.com 




Thread