1994-02-25 - Re: Stealth PGP and Stegonagraphy (Summary)

Header Data

From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
To: wcs@anchor.ho.att.com
Message Hash: d7fa03950d12e704d7411b50b5b6e2e7f6fa474c7962691510483bff9a49959c
Message ID: <Pine.3.89.9402251229.A1961-0100000@delbruck.pharm.sunysb.edu>
Reply To: <9402250059.AA14052@anchor.ho.att.com>
UTC Datetime: 1994-02-25 17:38:09 UTC
Raw Date: Fri, 25 Feb 94 09:38:09 PST

Raw message

From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
Date: Fri, 25 Feb 94 09:38:09 PST
To: wcs@anchor.ho.att.com
Subject: Re: Stealth PGP and Stegonagraphy (Summary)
In-Reply-To: <9402250059.AA14052@anchor.ho.att.com>
Message-ID: <Pine.3.89.9402251229.A1961-0100000@delbruck.pharm.sunysb.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 24 Feb 1994 wcs@anchor.ho.att.com wrote:

> Hiding the file in deleted sectors on the disk has a number of problems.
> 1) It's highly non-portable.

Not portable in what ways?  This method of hiding files is valid on many
platforms.

> 2) If the Bad Guys are looking for contraband files, either they're competent
>    or they're not.  If they're competent, they'll certainly notice your 
>    weird drivers and TSRs holding the disk stuff around.
>    Your virus-checking software may notice it also :-)

No weird drivers or TSRs are neccessary.  You need rely only on a
commod disk-editor.  The "Bad Guys" will notice nothing out of the ordinary. 
How will virus-checking software notice anything?

> 3) If the Bad Guys aren't competent enough, you can get by either hiding
>    the file under an innocuous name (e.g. boring.dat), or you can go
>    a bit farther by using mimic functions or other steganographic techniques
>    to make the file really look like something boring.
> 

They'll notice the stegonagraphy program, though.

> 4) If the Bad Guys are competent, and they suspect you, they may try
>    using Norton UnErase or similar ommands to recover the stuff anyway.
> 

Norton UnErase won't help if you leave no traces in the FAT, have no file 
name and especially if you've used a stegonagraphic function to embed
your file in garbage of the sort that is already lying around in the 
deleted portion of the disk, or if you've split your file into many small 
pieces and scattered them around the disk.

> Fractals are a good place to hide stuff, since random-looking low-order bits
> could come from steganography, or could just be from the fractal itself;
> it's really hard to tell since it's tough to regenerate unless you know the
> precise starting parameters and machine behavior.  You could probably hide
> 4 bits per byte without major visibility instead of the 1 bit/byte you
> typically can get away with in normal gifs.
> 

Yes fractals are a good place to hide info, as opposed to regular pictures.
If you deem it wise to further hide the fractal file in the deleted 
portion of your disk, you'd gain an even further layer of security.

> More important is making sure your encryption program doesn't have
> incriminating stuff visible in it, such as "BEGIN PGP STUFF" character
> strings in the object code....
> 

Absolutely, that's what was noted in the discussion section of the 
original (Long) message.

> 	Bill
> 

Sergey







Thread