1994-03-04 - Re: Standard for Steganography

Header Data

From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
To: wcs@anchor.ho.att.com
Message Hash: cd83224d09460c5e560fa43428f157eedfc4c877c6392bd7fab2aa0920b8cfd6
Message ID: <Pine.3.89.9403032237.H23725-0100000@delbruck.pharm.sunysb.edu>
Reply To: <9403040109.AA14831@anchor.ho.att.com>
UTC Datetime: 1994-03-04 03:14:29 UTC
Raw Date: Thu, 3 Mar 94 19:14:29 PST

Raw message

From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
Date: Thu, 3 Mar 94 19:14:29 PST
To: wcs@anchor.ho.att.com
Subject: Re: Standard for Steganography
In-Reply-To: <9403040109.AA14831@anchor.ho.att.com>
Message-ID: <Pine.3.89.9403032237.H23725-0100000@delbruck.pharm.sunysb.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 3 Mar 1994 wcs@anchor.ho.att.com wrote:

> Jef Poskanzer writes:
> > The problem is the length field - you've got to have it, and it's
> > recognizeable because it begins with a run of 0s. [several hiding 
> > approaches.]
> Actually, you don't really need it, at least for PGP.  PGP messages keep
> track of how much real stuff the message has, and ought to be able to
> do the right thing if there's extra stuff at the end; I'd guess that
> Stealth-PGP can do the same.  I realize PGP isn't the only thing people
> will want to hide, but most things need hiding have enough structure
> to them thatpadding wiht garbage at the end is no problem.
> 
> On the other hand, if you do have a length field, you do have to
> do something reasonable with it, and just putting it at the beginning
> makes it difficult to do other stuff with the stego program,
> like inserting text bitplanes into a picture....
> 
> 		Bill
> 

Sorry to have to bring this up, but...

As some of the newbies have pointed out, in previous messages on this thread:
The length field, or any standard-length header scattered (standardly :) 
through the beginning of the file will cost one no loss in security if it 
is encrypted.

The encryption could easily be standardized via a public-key based 
algorithm like PGP.

The stego-program could be kept simple by meerly having it call PGP to do 
the header-encryption work.


Sergey







Thread