integrating GPG with deniable steganography

Bernd Jendrissek berndj at prism.co.za
Thu Mar 22 09:54:09 CET 2001 

On Wed, Mar 21, 2001 at 12:00:42PM -0000, Marlow, Andrew (London) wrote:
> > You obviously need a data model where the original noise is masked in a
> > computationally intractable way. 
> 	[Marlow, Andrew (London)]   This sounds like good stuff but the
> repeated exchange of large audio or graphic files is a sure tip-off that
> steg is being used. This is why I am concentrating on ASCII steg. In my

Also, how much pseudo-noise can one realistically introduce without raising
suspicion?  I imagine a  recording of speach  could carry  pletny of noise,
whereas a JPEG of the night sky would be a particularly bad carrier. Unless
you have  access to a 10m  telescope and nobody can  realistically check if
your photograph is of a real globular cluster.

> opinion attempts to deny that steg is being used with ASCII msgs stand more
> chance of being believed in court. I am of course, assuming that it would be
> a court case, rather than torture in the Ministry of Love. The jury will be
> told  by the defence lawyer that steg typically uses audio or graphic data.
> Sure, ASCII steg exists but the bandwidth is poor and it is difficult to
> introduce noise.  This is also why it is very important that the chaff file
> is a feasible communication between the two parties. I either make it a
> social msgs in the case of a short secret msg or a news item for a longer
> msg. I would never send an extract from the Bible (we are both atheists!)
> and I wouldn't use snippets from Shakespeare either. 

If a jury is told "Audio and graphics files are commonly used to ..." then
an text/plain exchange can slip under the radar, I suppose.  But then that
exchange must be credible.

I bet there are *plenty* of ways to introduce noise into ASCII.

This thread has piqued my interest again in steg.  Maybe we can catalogue
different ways of hiding data?  I'll start:

- Street noise in recording of daughter's piano piece
- Deliberate misspelings and  irregular spacing in ASCII text.
- For hackers only: patch files can carry a whole lot of piggyback data,
  including such things as spacing style, use of "if (x)" vs. "if (x != 0)"
  all kinds of coding styles, comments, etc.
- Modified pixels in JPEGs; images of meadows and trees seem good carriers.
  How about a living room shot with the TV tuned to Santa's SnowTV?

Bernd Jendrissek

More information about the Gnupg-devel mailing list