integrating GPG with deniable steganography

Marlow, Andrew (London) MarloAnd at exchange.uk.ml.com
Tue Mar 20 15:09:01 CET 2001 

> -----Original Message-----
> From:	Florian Weimer [SMTP:fw at deneb.enyo.de]
> Sent:	Tuesday, March 20, 2001 12:46 PM
> To:	Andrew Marlow
> Cc:	gnupg-devel at gnupg.org
> Subject:	Re: integrating GPG with deniable steganography
> 
> Andrew Marlow <apm6674 at apmsoftwareltd.alkazar.co.uk> writes:
> 
> > Suppose Bob sends Alice a GPG-steg'd message. Wendy intercepts
> > it and runs the decode program. She then serves Alice with
> > an RIP decryption notice. Alice refuses. Her argument is that
> > Wendy has recovered random data because the message she received
> > was not concealing another message via the encode/decode programs.
> 
> I don't think this will work in practice.
> 
> Steganography is still in its infancy.  If the algorithms are public,
> the party with the better noise model wins---and that's the government
> agencies.
	[Marlow, Andrew (London)]  For steg to work we must assume that
Wendy has
	knowledge of all steg algorithms. Otherwise its just security
through obscurity.

> The only solution which seems to work at the moment is not hiding the
> communication per se, but the amount of communication.  You might be
> forced to reveal some parts of the message, but nobody can tell if
> you've revealed all of it.  
	[Marlow, Andrew (London)]  Yes, and for stuff on the hard disk this
is what I intend to do.
	The 2 hot contenders are Ross Andersons steg file system for Linux,
or rubberhose. Both look good.

> Of course, you might get into trouble
> because they already know that there was additional information
> transmitted (for example, because the other end revealed it), so this
> scheme is most suitable for encryption of storage.
> 
	[Marlow, Andrew (London)]  Indeed.

> I think there's even a Linux file system which implements this
> approach.  Have a look at Markus Kuhn's site.
	[Marlow, Andrew (London)]  Been there, done that.

> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel

More information about the Gnupg-devel mailing list