integrating GPG with deniable steganography
Bernd Jendrissek
berndj at prism.co.za
Tue Mar 20 18:33:06 CET 2001
On Tue, Mar 20, 2001 at 04:44:03PM -0000, Marlow, Andrew (London) wrote:
> Bernd Jendrissek wrote:
> > Some thoughts on steg, encryption and RIP (whatever that is)
> [Marlow, Andrew (London)] RIP is now law in the UK. It gives the
> authorities power to force you to decrypt. Refuse and you go to jail
> for 2 years. Tell anyone and you go to jail for 5 years. See
> www.fipr.org for full details.
>
> > If I were strapped to a chair with a nice bright light shining right
> > into my eyes, and a friendly voice said, "Please decrypt this message
> > for us" I would still say, "Sorry, there's nothing there. It's random
> > data."
> >
> [Marlow, Andrew (London)] The question is "how believable are you?".
> If the data looks like an encrypted msg then you will not get far.

I don't think so either. This seems to be the crux of the problem with
RIP: even if there is no encrypted message, if it looks like there is,
you have a problem.

> > The mentality that says "If you're hiding something you're guilty of
> > *something*, I don't know what" This places the burden of proof on the
> > accused, not on the prosecution, where it belongs.

What can be done to sensitise non-privacy-valuers to the idea that
encryption should be regarded as "normal"?

> [Marlow, Andrew (London)] Among the chief complaints against RIP we
> have the reversal of the burden of proof (it is now a crime to forget
> your password) and we have users of public key cryptography are
> suspected of being criminals just because they use crypto.

This is so important I'll keep it here even if I don't reply.

> > I lean toward thinking that steganography is security-through-obscurity,
> > with the proviso that it must be *very* obscure.
> >
> [Marlow, Andrew (London)] Not obscure. Deniable. There is a difference.

Taking liberties,
[Jendrissek, Bernd (Cape Town)] The question is "how believable
are you?". If the data looks like a steganographically hidden
msg then you will not get far.
If you are known to use steganography you won't be very believable. And
if *you* know how to discover steg'ed messages, how do you prevent the
RIP Police from knowing? If you don't tell them how, you go to jail, do
not pass begin, do not collect 200 rand.
Bernd Jendrissek