A GPG version of the PGPstealth program?

tftp tftp@yahoo.com
Sun Aug 19 22:58:02 2001


--- Andrew Marlow <apm35@student.open.ac.uk> wrote:

>
> I have had some more thoughts about integrating
> GPG with deniable steganography...

> But the message extracted
> is a GPG msg that has been 'stealthed', i.e it
> has been altered so that it resembles noise.
> Using a program such as GPGdump will not reveal
> the deSNOW'd data to be anything readable.
You can also XOR the GPG data with a text from a Bible. It would make an acceptable keystream for your purposes... even better than what you propose :-)
> This is the bit where I *deny* that there is a secret msg.
The attacker can use the same algorithm - and your own public key as the secret key - to produce the GPG stream, which will prove that this is a GPG message. The number of stego algorithms is finite, and if you want to get somewhere with this idea you probably have to use an outer envelope that can not be deciphered into anything but noise without the unique, secretly maintained, key. You see, public key crypto and stego have opposite purposes. The PKI allows anyone to receive (and recognize them, of course!) crypto messages. Steganography systems go to great length to hide even the fact that there is a second message somewhere...
> The reason I have to use PGP is that there is a
> stealth program for PGP but not for GPG. The
> stealth program only supports version 2.6.n of
> PGP. I have looked at the code to see how easy
> it would be to adapt it for GPG and it is beyond
> my skill, unfortunately.
I am still unsure how valuable the second layer of encryption would be, especially using publicly available "secret" key... but if you really want to do that, there are plenty of simple ciphers, block or stream, that can be implemented in 100 lines of any language. You only need to export the public key and then use it (all or portion of it) as a symmetric key. Dmitri __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/