Bill Stewart writes:
> At 09:42 PM 12/30/98 -0000, Russell Nelson wrote:
> >Now here's a silly question: cryptanalysis requires that one be able
> >to recognize the plaintext. Steganography requires that one NOT be
> >able to recognize the cryptography from random noise. So, if I use a
> >legal cryptography algorithm (with however few bits I'm allowed), on
> >the output of an illegal stego program, all of those bits are pure
> >pleasure. Even someone with my legal public key can't be sure that
> >they've decrypted the right thing unless my stego is broken or they
> >have my illegal public key.
>
> I think you've got this backwards - your words say that
> Output = Crypto( Stego(something), WimpyKey )
> where "something" is presumably the message.
> But that's not secure - good steganography doesn't require that
> Stego(Message) look like random noise, only that
> Stego(Crypto(Message)) and Stego(Noise) look similar enough
> so the Bad Guys won't notice that the encrypted message is there.
No, "something" is presumably a crypto algorithm that adds another set
of key bits. But you're right, it was a silly question. Stego relies
on hiding crypto within something identifiable as something ordinary.
It needs to say "These are not the droids you're looking for." You
might get a fair bit of extra security, perhaps approaching the number
of added key bits, by using the same crypto algorithm which produced
the input to your stego algorithm.
> you need to make sure that it's really stealthy, something PGP hasn't done
> after N years aand several format changes.
Maybe there's hope for GNU Privacy Guard?
> >Cryptography restrictions are the USA's Maginot Line. Big, expensive,
> >ultimately routed around regardless, and once the war is over,
> >difficult to get rid of.
>
> Heh - it's especially surprising to me that regulations designed to
> keep Commies from getting military technology are still in place,
> and the Russians are even part of the deal.
The comparison seems apt because France is now filled with large
chunks of concrete, with no budget to get rid of them. I fear that,
once we win the crypto war against our own government ("Give me crypto
or give me death!") the crypto landscape will be littered with large
chunks of concrete. Heck, it already is -- look at the sorry state of
cellular phones, or Internet communications.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
