integrating GPG with deniable steganography

David Nillesen dave at northnet.com.au
Mon Mar 19 05:33:05 CET 2001


Or alternativly,

	Wendy suspects Alice is going to send messages or is sending
message to Bob.

	Wendy gets a subpeona or search warrant, and confiscates either
Bob or Alices computer.

	They trundle around the filesystem and find your encode and
decode programs. They can then serve the 'RIP' thingy (i'm from australia
not sure how it works exactly) because people dont usually send
each other the works of william shakespeare, and they have just started
doing this. Mr Shakespeare also has non std formatting, which is a
signature of your program. (source available on the net no doubt to
add evidence)

	I like the suggestion of the message encoded into the noise
of an audio file. But once again if it appears non random and they
can find your encode/decode programs, they may be able to use
the kinda evil 'RIP' process.

	Ideally:
	encode/decode are not kept on your PC at all, so there is no
evidence you know of their existence, let alone run them.
	you've been sending each other mp3's / huge text files on a long
term basis. I like the idea of sending little voice messages to each 
other
with the encryption done on that. Pc mikes and sound cards at high
compression are bound to be noisy enough :)
	you'd also send decoy files with no message and/or the files you
send, that do contain data, contain n messages at the same time, 
decodeable
by giving different key's/hash's (i sooooo cant do cryptography). So you
can say 'oh yeah, you've caught me, here's the key' and they get a 
message
that is only slightly naughty (so you've reason to hide it) but has 
nothing
to do with your real conversation, which is still encoded. 'yeah, yeah,
the rest of the numbers are just random noise to fill out space'

	Anyway, just the thoughts of another paranoid person :)

	Oh yeah and the inevitable IANAL

Dave




More information about the Gnupg-devel mailing list