Here's my minor correction of Perry Metzger's minor correction:
Karl Barrus says:
Eric Hughes just told me some extremely interesting information concerning subliminal channels and the DSS. Apparently, the DSS is very hospitable towards subliminal channels. (I won't summarize further since Eric may have posted to the list).
A very good posting, Karl, but I will note in the literature these are called "covert" channels, not "subliminal" channels. Otherwise, really top quality posting.
Perry
Yvo Desmedt gave a very nice paper at the Crypto '88 conference, which I attended, entitled "Abuses in Cryptography and How to Fight Them." He begins:
"[Sim83b] introduced the notion of subliminal channel. His example is related to two prisoners who are communicating authenticated messages in full view of a warden who is able to read the messages. The subliminal consists in hiding a message _through_ the authentication scheme such that the warden _cannot detect its use nor read the hidden part_."
Later he writes:
"Abuses (in particular subliminal channels) are not covert channels in the strict way, as will briefly be discussed in Section 2.2."
Covert channels usually refer to using "out of band" techniques, such as signal crosstalk, time-jitter, amplitude modulation, etc., to pass information (e.g., to leak bits out of a classified computer facility), whereas subliminal channels rely on the crypto protocols. (I suppose the Clipper could use either or both, or could be rigged that way.) I've heard people use the term "covert channel" in a broader sense, encompassing the subliminal channel term coined by Simmons as well as the traditional covert channel, but certainly the term "subliminal channel" is not incorrect as used by Karl. ("Covert" may be more descriptive than "subliminal," though such is life.)
I'll leave the rest of the discussion for interested readers. "Advances in Cryptology--CRYPTO '88," ed. S. Goldwasser, Springer-Verlag, 1990.
By the way, Desmedt's paper argues persuasively that "abuse-free cryptography" overcomes the objections to public key crypto that terrorists and other bad folks will be able to pass subliminal messages.
If the weaknesses mentioned by Eric Hughes and Karl Barrus are confirmed, this could be another point of attack against Clipper.
Like Perry, I enjoyed Karl's summary.
-Tim May
--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement
Note: I put time and money into writing this posting. I hope you enjoy it.