1994-03-01 - Re: standard for stegonography?????!!!!??

Header Data

From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
To: Arsen Ray Arachelian <rarachel@prism.poly.edu>
Message Hash: 1e7458fc7dbf4faefcd211067bf31aaf08c9455e66f2adeba79934409a8ab018
Message ID: <Pine.3.89.9402282226.C11533-0100000@delbruck.pharm.sunysb.edu>
Reply To: <9402282245.AA05746@prism.poly.edu>
UTC Datetime: 1994-03-01 04:25:16 UTC
Raw Date: Mon, 28 Feb 94 20:25:16 PST

Raw message

From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
Date: Mon, 28 Feb 94 20:25:16 PST
To: Arsen Ray Arachelian <rarachel@prism.poly.edu>
Subject: Re: standard for stegonography?????!!!!??
In-Reply-To: <9402282245.AA05746@prism.poly.edu>
Message-ID: <Pine.3.89.9402282226.C11533-0100000@delbruck.pharm.sunysb.edu>
MIME-Version: 1.0
Content-Type: text/plain

On Mon, 28 Feb 1994, Arsen Ray Arachelian wrote:

> Guys, I thought the whole point of stego was to hide the fact that
> you're hiding data in a file.  Having a "standard" for this is
> a bad idea i the sense that if you have a standard, you make it
> that much easier for the bad guys to intercept and find what
> you are trying to hide!

That is correct.  The standard should be to have no standard!  :)
But, if you must have a standard, some variability would help.  I outlined
a "variable standard" in another recent message in this thread.

A fictional example of a legitimate need for standardization and a possible 
solution follows:

  Feb. 1998

  Jack and Jill are both readers of cypherpunks and long-time users of PGP.
"Stealth PGP" and "Stego+" have become very popular.  Unfortunately, 
Clipper is a legal necessity for all computer communication.  

  Jack wants to send Jill a _truely_ private message.  Using only Clipper is 
not an option; neither is "Stealth PGP", on its own; as, meerly owning 
non-Clipper encrypted files has recently been successfully used as grounds 
for search warrants, equipment confiscations, and miscellaneous court 

  Luckily, it has become particularly popular to use "Stealth 
PGP" in combination with "Stego+" to hide messages in PictureCD files.  
Knowledgeable users regularly scan alt.videos.binaries.misc for messages.  
Although Jack would like additional security that he would obtain from 
using a non-standard stegonagraphy program, this is his first message to 
Jill.  He can not simply send plain-text email to Jill telling her to use 
the new "SuperStego", for obvious reasons.

  Jack therefore uses the standard, relatively secure, method and 
sends the message via "Stealth PGP" & "Stego+" in TEST.CD on 
alt.videos.binaries.misc; thereby evading the ClipperCops.