1996-03-01 - Re: Chaff in the Channel (Stealth PGP work)

Header Data

From: Adam Shostack <adam@lighthouse.homeport.org>
To: nelson@santafe.edu (Nelson Minar)
Message Hash: 7f1b591cbd58f6fb2110331f917d8cfea09235c0267947f4bc3a2650ad54a3ab
Message ID: <199603010515.AAA10937@homeport.org>
Reply To: <199603010418.VAA02087@nelson.santafe.edu>
UTC Datetime: 1996-03-01 05:39:55 UTC
Raw Date: Fri, 1 Mar 1996 13:39:55 +0800

Raw message

From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 1 Mar 1996 13:39:55 +0800
To: nelson@santafe.edu (Nelson Minar)
Subject: Re: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <199603010418.VAA02087@nelson.santafe.edu>
Message-ID: <199603010515.AAA10937@homeport.org>
MIME-Version: 1.0
Content-Type: text

	Stenography is torn between a (reasonable) desire for secrecy
in order to gain security by making it harder to detect your noise
patterns, and the need for correspondants to agree on a standard.
(This agreement made harder by cross platform issues.)

	However, I suspect that the ideal would be like cryptography:
Assume the enemy knows everything about your system but the keys.
Thus, your gifs need to look like normal gifs in the lsb.  Your audio
needs to have normal levels of hiss in it.  Etc.

	When actually using stego, theres no need to publicise your
choise of stego methods.  But when desinging a system, your opponent
should be assumed to understand it.


Nelson Minar wrote:

| I've got some specific ideas, but am a bit nervous about talking about
| them because of intellectual property issues. Also, I'm not convinced
| that unlike cryptography, some extra security can be maintained in a
| steganographic system by not disclosing the way it works. I haven't
| resolved these concerns, but would be happy to engage in some
| metadiscussion about them.

"It is seldom that liberty of any kind is lost all at once."