From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Thu, 13 Jul 95 12:37:18 PDT
To: "Perry E. Metzger" <perry@imsi.com>
Subject: Re: def'n of "computer network"
In-Reply-To: <9507131927.AA12842@snark.imsi.com>
Message-ID: <Pine.SUN.3.91.950713152622.22564A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jul 1995, Perry E. Metzger wrote:

> Jon Lasser writes:
> > In addition, now is the time to deploy stego, on a massive scale.
> 
> I've said it before, and I'll say it again.
> 
> My opinion is that stegonography "standards" are useless. Anyone can
> try unpeeling the GIFs and see if something interesting shows up
> inside. That means that the only useful stego suffers from the defect
> that symmetric key cryptography suffers from -- you have to have made
> serious pre-arrangements with the counterparty.

True, in that sense it's useless.  But if it's PGP'd with a sufficient 
key, nobody can read it.  If it's from a well-overused guest account, 
nobody can find who sent it.  If the picture's not preceded with an 
identification of the intended recipient, and is posted in a public 
forum, then nobody knows who it's for.  Especially if everyone has to 
read it in order to find out if it's for them.

If PGP 3.0 has some sort of option to decrypt messages without PGP 
headers or footers, then the issue ceases to be relevant. Because you've 
stego'd already random-seeming material.  If the stego program is 
integrated with PGP properly, you have public key stegonography.

It's possible; just that somebody's gotta write the damned software.  And 
I'm certainly not capable to do that.  Yet.

Jon
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410) 494-3253 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.