integrating GPG with deniable steganography
Marlow, Andrew (London)
MarloAnd at exchange.uk.ml.com
Tue Mar 20 15:09:01 CET 2001
> -----Original Message-----
> From: Florian Weimer [SMTP:fw at deneb.enyo.de]
> Sent: Tuesday, March 20, 2001 12:46 PM
> To: Andrew Marlow
> Cc: gnupg-devel at gnupg.org
> Subject: Re: integrating GPG with deniable steganography
> Andrew Marlow <apm6674 at apmsoftwareltd.alkazar.co.uk> writes:
> > Suppose Bob sends Alice a GPG-steg'd message. Wendy intercepts
> > it and runs the decode program. She then serves Alice with
> > an RIP decryption notice. Alice refuses. Her argument is that
> > Wendy has recovered random data because the message she received
> > was not concealing another message via the encode/decode programs.
> I don't think this will work in practice.
> Steganography is still in its infancy. If the algorithms are public,
> the party with the better noise model wins---and that's the government
[Marlow, Andrew (London)] For steg to work we must assume that
knowledge of all steg algorithms. Otherwise its just security
> The only solution which seems to work at the moment is not hiding the
> communication per se, but the amount of communication. You might be
> forced to reveal some parts of the message, but nobody can tell if
> you've revealed all of it.
[Marlow, Andrew (London)] Yes, and for stuff on the hard disk this
is what I intend to do.
The 2 hot contenders are Ross Andersons steg file system for Linux,
or rubberhose. Both look good.
> Of course, you might get into trouble
> because they already know that there was additional information
> transmitted (for example, because the other end revealed it), so this
> scheme is most suitable for encryption of storage.
[Marlow, Andrew (London)] Indeed.
> I think there's even a Linux file system which implements this
> approach. Have a look at Markus Kuhn's site.
[Marlow, Andrew (London)] Been there, done that.
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
More information about the Gnupg-devel