integrating GPG with deniable steganography

Stefan Fendt stefan at lionfish.ping.de
Sun Mar 18 02:57:03 CET 2001 

Hi,

hmm, well I don't belive this is going to belong on this list, so I
only will give this onetime statement to steganography...

I recently had a discussion on ciphering with a friend of mine. He
stated it would be a good idea to forbid ciphering 
for the "normal" user in germany as it would allow to make the
following conclusion: "If you use ciphering methods you have done
something illegal and even if we can't break your cipher, we can
imprison you." 
I said this to be rubbish, as people who really have in mind to do
criminal things then would use steganography to simply hide their
plans and suggested the following test: I would hide a message within
a file, I would give him the message and the program used to do the
stegano and I would give him the stegano-file with the message
inside. I promised (In fact I bet for a box of beer...) he would not
be able to a) find the message in the stegano-file and b) say me the
parameters I used to hide it... to make it short: I won.

Why? At first I used a vigenere-cipher to scramble the message. Then I
used informational material containing noise... This is the most
important part of it -- and the reason why I can`t belive that
steganography with *ASCII-Text* ever will stand in court (It just does
not contain enough entropy to really hide something within...). I used
an audio sampling ("Me saying: 'Hello this is a wonderfull
day'"). What it was afterwards was an audio sampling with the same(!)
amount of noise, with the same(!) type of noise than before -- but now
containing my message. What I kept secret was a) the vigenere-key and
b) the number of bits used in this 16bit recording to hide my
message. I did *not* kept the method itself secred, just the
parameters...

cu
Stefan

PS: keysize was *not* as long as ciphertext... but if I really wanted
    to hide something it would be ...
PPS: It doesn't count what type of file you use for steganography. It
    only counts that it's containing enough real noise. (Images will
    do, audios will... but Shakespeare ? I really don't think there's
    much entropy within his texts...

More information about the Gnupg-devel mailing list