Is it possible to decide what is a gpg file?
vedaal at hush.com
Fri Nov 20 00:40:19 CET 2009
On Thu, 19 Nov 2009 11:02:35 -0500 Brian Mearns
<mearns.b at gmail.com> wrote:
>If he wants to hide the fact that he has an encrypted document,
>that's a completely different matter and calls for steganography.
That's what I thought that he wanted.
Unfortunately, steganography is very difficult to achieve. ;-((
Unlike cryptography, where the standard is that the encryption is
secure, even when the algorithm is known and well studied, no such
progress has been achieved (afaik) in steganography.
Stego relies mainly on creative obscurity. The Holy Grail of a
zero-distortion stego carrier has not yet been found. The standard stego
carriers (image files, audio, video files) have been well analyzed,
and there is still detectable distortion in a carrier stego file
when compared to a normal file of the same size and filetype.
Gnupg presents a great opportunity for use of text as a
non-detectable distortion carrier in the advancement of steganography.
Extending the example I gave above, it can be tweaked to provide
increased levels of deniability that approach acceptable levels of
crypto security.
(i.e. it should be just as difficult to prove that a file is
steganographically hidden, as it would be to crack a 256 bit
symmetric encryption algorithm.)
[1] Assuming a gnupg encrypted ciphertext of size 'k', and that
there are more than 95 ordinary files greater than size 'k' on the
computer that plausibly belong there.
(for a concrete example that's easier to follow, assume the
ciphertext has 400 lines)
[2] Pick any 40 such ordinary files of this size
(and remember them ;-)) )
[3] Armor them using the --enarmor command to produce an armored
text representation of the file.
[4] Select 10 lines from each of the 40 gpg enarmored files, and
concatenate them to a 400 line text
[5] Make a pad to XOR from the text in [4], to the desired ciphertext.
[6] Save the pad securely somewhere else.
[7] Even if the pad is recovered, it cannot reasonably be proved
that it XORs to anything on the computer that would produce a
ciphertext.
n.b.
This is just a rough draft of a consideration ;-)
What needs to be taken into account, is which parts of the gnupg
ciphertext act as a 'plaintext' in showing that an encrypted file
is present, and how to effectively increase the stego 'carrier
space', to hide those lines.
Anyway,
it might be an interesting area of steganography exploration ;-)
vedaal
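
The following Python code is an added example, not part of the original message. It walks steps [2] to [6] with constructed data, using base64 body lines as a stand-in for `gpg --enarmor` output; the function names, the sample "files" and the line offsets are all assumptions.

```python
import base64
import hashlib

LINE = 64  # characters per body line in ASCII armor

def armor_lines(data: bytes) -> list[bytes]:
    # Stand-in for the body of `gpg --enarmor` output (assumption: base64
    # body lines only, without the armor header, footer or CRC line).
    b64 = base64.b64encode(data)
    return [b64[i:i + LINE] for i in range(0, len(b64), LINE)]

def build_carrier(files: list[bytes], picks: list[int], per_file: int) -> bytes:
    # Step [4]: take `per_file` consecutive lines from each armored file,
    # starting at line picks[i]. The picks must be remembered (step [2]).
    out = []
    for data, start in zip(files, picks):
        chunk = armor_lines(data)[start:start + per_file]
        if len(chunk) < per_file or any(len(line) != LINE for line in chunk):
            raise ValueError("file too short for the requested lines")
        out.extend(chunk)
    return b"\n".join(out)

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad, carrier and ciphertext must be equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def fake_bytes(seed: str, n: int) -> bytes:
    # Constructed sample data: deterministic pseudo-random bytes.
    return hashlib.shake_256(seed.encode()).digest(n)

def demo():
    # 40 constructed "ordinary files" and the remembered line offsets.
    files = [fake_bytes(f"file{i}", 1200) for i in range(40)]
    picks = [i % 5 for i in range(40)]
    carrier = build_carrier(files, picks, per_file=10)   # 400 lines
    # Constructed 400-line "ciphertext" body (400 * 48 bytes -> 400 full lines).
    ciphertext = b"\n".join(armor_lines(fake_bytes("secret", 400 * 48)))
    pad = xor(carrier, ciphertext)       # step [5]: the pad stored elsewhere
    recovered = xor(pad, carrier)        # rebuilding the ciphertext later
    return carrier, ciphertext, pad, recovered

if __name__ == "__main__":
    carrier, ciphertext, pad, recovered = demo()
    print("recovered matches:", recovered == ciphertext)
    print("largest pad byte:", hex(max(pad)))
```

Because the pad is the XOR of two ASCII texts, every pad byte is below 0x80 and the newline positions are zero, so the stored pad does not look like uniformly random data. Recovery also depends on reproducing the exact file choice and line offsets, not only on the pad.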