
At 12:45 AM 2/28/96 +0000, "Deranged Mutant" <WlkngOwl@UNiX.asb.com> wrote:
> Adam Back <aba@dcs.ex.ac.uk> wrote:
> [lots of stuff about stealth PGP snipped]
>
> This seems to be quite a lot of effort that complicates things. It would be simpler for two stealth communicators to use other means of hiding the fact that a message is PGP'd... (1) stego, in various forms, if done properly would make most attackers not suspect a PGP message is inside something,

One point of stealth-pgp is to make an encrypted message you _can_ safely hide with stego. Since the Bad Guys can take your stegofied picture, destego it, and see the string ------ BEGIN PGP CONTRABAND DATA, you can't get away with saying "no, that's just a picture of my cat, blurred a bit because he was moving", which you can if you use a true stealth version of PGP or other crypto program. Another major point is to make PGP messages that you can post in public, which the recipient can decode, but which _don't_ say "From 007 To 86 and 99" in the headers. That's easier, but still a bit of work.

> (2) use another encryption program, with a known key shared by two users, that turns the PGP message into pure unmarked 'randomness', [.... (3) a pad-based variant ...]

You're down to key exchange; the big reason for public-key systems is to avoid it.

#--
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs Pager +1-408-787-1281
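
An illustration of the point about recognizable headers, added here and not part of the original message: a short Python check of what an ordinary PGP message gives away once it is pulled back out of a carrier, namely the armor line and the recipient key ID in the session-key packet. The function name `pgp_fingerprints`, the key ID and all sample bytes are constructed, and `STEALTH_LIKE` is an assumed stand-in with the framing removed, not the output of any stealth tool.

```python
import base64

ARMOR_MARK = b"-----BEGIN PGP "

def pgp_fingerprints(blob: bytes) -> dict:
    """Return the PGP structure visible in `blob` without any key material."""
    found = {"armor": ARMOR_MARK in blob, "recipient_key_ids": []}
    pos = 0
    # Walk old-format OpenPGP packets (RFC 4880, section 4.2) from offset 0.
    while pos < len(blob):
        ctb = blob[pos]
        if ctb & 0xC0 != 0x80:        # old-format header: bit 7 set, bit 6 clear
            break
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:                # indeterminate length, nothing more to walk
            break
        nlen = 1 << ltype             # 1, 2 or 4 length octets
        start = pos + 1 + nlen
        length = int.from_bytes(blob[pos + 1:start], "big")
        body = blob[start:start + length]
        if start > len(blob) or len(body) < length:
            break                     # truncated or not really a packet
        # Tag 1 = public-key encrypted session key: version, 8-byte key ID, ...
        if tag == 1 and length >= 10 and body[0] in (2, 3):
            found["recipient_key_ids"].append(body[1:9].hex())
        pos = start + length
    return found

# Constructed sample: a session-key packet for a made-up key ID, then a
# symmetrically encrypted data packet (tag 9) with placeholder ciphertext.
KEY_ID = bytes.fromhex("0123456789abcdef")
MPI = b"\x5a\x3c"
CIPHERTEXT = bytes.fromhex("1122334455667788")
PKESK_BODY = b"\x03" + KEY_ID + b"\x01" + b"\x00\x0f" + MPI
PGP_BINARY = (b"\x85" + len(PKESK_BODY).to_bytes(2, "big") + PKESK_BODY
              + b"\xa4" + bytes([len(CIPHERTEXT)]) + CIPHERTEXT)
ARMORED = (b"-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(PGP_BINARY)
           + b"\n-----END PGP MESSAGE-----\n")
# Stand-in for stealth output (assumption): same payload, framing removed.
STEALTH_LIKE = MPI + CIPHERTEXT

if __name__ == "__main__":
    for name in ("PGP_BINARY", "ARMORED", "STEALTH_LIKE"):
        print(name, pgp_fingerprints(globals()[name]))
```

A first byte that looks like a packet header turns up by chance in a quarter of random inputs, which is why the walker also requires consistent lengths and a plausible version byte before it reports a key ID.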