1994-03-04 - Re: Standard for Stenography?

Header Data

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: cypherpunks@toad.com
Message Hash: 61dc6e1cc08417abe5c7249d0a91a76ac1821b3231e172d501e86d672fddc9f1
Message ID: <9403040134.AA15184@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1994-03-04 01:34:46 UTC
Raw Date: Thu, 3 Mar 94 17:34:46 PST

Raw message

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 3 Mar 94 17:34:46 PST
To: cypherpunks@toad.com
Subject: Re: Standard for Stenography?
Message-ID: <9403040134.AA15184@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Sergey writes:
> I have often heard it said that one should always assume that one's 
> opponent knows everything except one's secret key.  To me, this makes no 
> sense!  If your opponent is good enough and determined enough to get by 
> all the layers of obscurity you may have put up, than its just one more 
> step to getting your secret key.

If your cryptography methods are good enough to withstand an
opponent who has full documentation of your algorithms and methods,
lots of funds, and everything except your keys, then you don't
need to waste your time with all the other stuff.  And if you can't
protect a couple of keys, it doesn't really matter how much other
security you have.

On the other hand, steganography is almost by definition an obscurity
technique, and while security-by-obscurity is a naive waste of time,
obscurity-by-obscurity is hard to argue against real clearly :-)
On the other hand, if your cyphertext looks like random bits anyway,
it doesn't take a lot to make them invisible.

The real need is to make your data look like Somebody Else's Problem....

			Bill





Thread