1994-03-04 - more steganography talk

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 6c4e895750f2932be90bceed3d6f42fab028ce7d8d4bea1b60c26b063a20c9c1
Message ID: <9403042051.AA04295@ah.com>
Reply To: <9403042001.AA02468@bilbo.suite.com>
UTC Datetime: 1994-03-04 21:00:18 UTC
Raw Date: Fri, 4 Mar 94 13:00:18 PST

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Fri, 4 Mar 94 13:00:18 PST
To: cypherpunks@toad.com
Subject: more steganography talk
In-Reply-To: <9403042001.AA02468@bilbo.suite.com>
Message-ID: <9403042051.AA04295@ah.com>
MIME-Version: 1.0
Content-Type: text/plain


>The idea:  Encrypt a widely known value with the recipient's  
>public-key and use the result as an initialization vector for a  
>clever transformation/steganography algorithm.  

How many public keys are there can there be?

Assume one hundred each for 10 billion persons.  That's 2^40 keys, or
an effective key length of 40 bits.  Since there are not more than
2^16 public keys right now (a generous estimate) we can assume that
this technique is insecure for public keys.

Of course, if the public key is not actually public, but only in the
possession of the sender, that's another matter, but just try keeping
a public key under close distribution sometime.  Both PGP and PEM fail
to support protocols to restrict the distribution of 'public' keys.

Public should mean that the key is held by someone other than the
holder of the private key, not that the key is necessarily available
to everyone.

Eric





Thread