integrating GPG with deniable steganography

Marlow, Andrew (London) MarloAnd@exchange.uk.ml.com
Wed Mar 21 14:30:03 2001 


> -----Original Message-----

> From:	Matthias Urlichs [SMTP:smurf@noris.de]

> Sent:	Wednesday, March 21, 2001 12:38 PM

> To:	Marlow, Andrew (London)

> Cc:	Florian Weimer; Stefan Fendt; Gnupg-devel@gnupg.org

> Subject:	Re: integrating GPG with deniable steganography

> 

> Hi,

> 

> Marlow, Andrew (London):

> > 	[Marlow, Andrew (London)]   This sounds like good stuff but the

> > repeated exchange of large audio or graphic files is a sure tip-off that

> > steg is being used.

> 

> No -- it's a tip-off that two people are exchanging audio files or

> private pictures. Lots of people are doing that. 

	[Marlow, Andrew (London)]  Well fancy that. I didn't know. But I
still think it's risky. Exchange of ASCII file is, IMHO, far less likely to
attract attention. Exchanging audio/graphics can easily be detected
programmatically.


> You do need to establish a legitimate reason to exchange the surface

> files, of course, but that's independent of the actual stego method

> used.

	[Marlow, Andrew (London)]  Not quite. Certain kinds of email
exchange attract attention for a number of reasons. Large files are
sometimes suspected of containing viruses and so are blocked by the
corporate spam filter. Audio and graphics files are sometimes declared
illegal by corporate policy and may be blocked by the filter. I am currently
talking to someone who is nearly always only contactable by email and whose
only email address is with his client (every now and then he comes to the UK
which allows us to enchange symetric encryption keys). They monitor the
email and are suspicious of audio/graphic/runfile attachments. I don't know
if they have a filter that blocks them but I wouldn't be suprised. I know I
would. I would also block the exchange of M$ files since they may contain
macros written in VirusBasic. This stops the scheme of using interword
spacing in a word processor file rather than an ASCII file (the WP route has
a higher bandwidth).


> -- 

> Matthias Urlichs     |     noris network AG     |

> http://smurf.noris.de/