From: Bruce Zambini <jlasser@rwd.goucher.edu>
To: Bill Stewart <stewarts@ix.netcom.com>
Message Hash: 1034ff1555ed95a55859cbdb9a59abcbc1e711098f04491311e780c99c639dfc
Message ID: <Pine.SUN.3.91.960229162811.6796B-100000@rwd.goucher.edu>
Reply To: <199602290844.AAA03851@ix4.ix.netcom.com>
UTC Datetime: 1996-03-01 02:53:50 UTC
Raw Date: Fri, 1 Mar 1996 10:53:50 +0800
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Fri, 1 Mar 1996 10:53:50 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Simpler solutions (was Re: Stealth PGP work)
In-Reply-To: <199602290844.AAA03851@ix4.ix.netcom.com>
Message-ID: <Pine.SUN.3.91.960229162811.6796B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 29 Feb 1996, Bill Stewart wrote:
> At 10:26 AM 2/28/96 -0500, Bruce Zambini wrote:
> >Or, you can develop a public-key stego system...
> >ie a stego system that uses bits in specific ways depending on the
> >private key of the recipient.
> I assume you mean the public key of the recipient?
Well, no. Or yes and no. Something like Public-Key crypto in general,
where the public key isn't enough knowledge to decrypt it. For example,
you could encrypt a session key with RSA.
[...]
> You gain a certain degree of obscurity by using
> stego(picture, scramble( PGP(message, pubkey), key ))
> where scramble is some cheap symmetric encryption algorithm and
> key is either the recipient's public key or keyid, and PGP is in binary mode.
> This hides the message from eavesdroppers who don't know the recipient,
> but not from eavesdroppers who are willing to test against the keys
> of a list of usual suspects (assuming the recipient is one of them.)
Well, that's what I want to avoid; I think the issue is that as long as
stego is predictable, there's a problem, ie a message to a certain party
can be shown to exist, even if it's not readable. This might prove more
than ample evidence in certain circumstances.
You shouldn't be able to recover the stego'd message without special
knowledge. This isn't addressed by current software, to my knowledge.
Jon Lasser
----------
Jon Lasser (410)494-3072 - Obscenity is a crutch for
jlasser@rwd.goucher.edu inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D) - Fuck the CDA.
Return to March 1996
Return to “Bruce Zambini <jlasser@rwd.goucher.edu>”