1998-09-19 - Re: Stego-empty hard drives…

Header Data

From: Anonymous <nobody@replay.com>
To: cypherpunks@Algebra.COM
Message Hash: da3df0911b0d4fc804dbf98bc9214ec7fcf5c992a8b449a939dc4f47f3fe637d
Message ID: <199809192012.WAA05755@replay.com>
Reply To: N/A
UTC Datetime: 1998-09-19 07:10:01 UTC
Raw Date: Sat, 19 Sep 1998 15:10:01 +0800

Raw message

From: Anonymous <nobody@replay.com>
Date: Sat, 19 Sep 1998 15:10:01 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Stego-empty hard drives...
Message-ID: <199809192012.WAA05755@replay.com>
MIME-Version: 1.0
Content-Type: text/plain

Robert Hettinga wrote:

> At 1:01 AM -0400 on 9/19/98, Anonymous wrote:
> > (Had this been a UK Customs 'inspection' of the contents of the disk, I
> > might have had to explain the half-gig of "noise" I have on the disk.
> > Only, it really is noise. Really.)
> This makes me think of something that I probably missed in the bowels of
> someone's long previous stego posting (um, stego^stego? :-)), how would you
> go about either:
> Stegoing an encrypted partition as "blank" hard drive space without
> actually writing over it unless you wanted to?
> or, even,
> Stegoing an encrypted partition as not even *there* at all?
> Doesn't seem like it would be too hard conceptually (hah!) and, if done,
> might actually defeat such Archie-look-up-the-dress as the British
> customsfolk are wont to do these days.
> Obviously, even if the partition were found, it would look, to sniffer
> programs, as if it were empty, right? :-).

Once they realize people are doing this, they will begin taking hashes or
some other record of the blank space. The next time you are scanned by
customs, they pull the record and compare the previous "blank"  space with
the current "blank" space. If they don't match, you're suspect. 

They still cannot prove that you're carrying hidden data. They ask you if
you know what stego is. They ask you if you have hidden data on your
drive. If you say yes, they demand to see it. If you say no, they say
"Okay, then it should be no problem if we push the wipe button on our
program, should it?" 

If they start doing that they have still won, because now you are not
carrying the data across the border or the data is destroyed as you cross
the border.