-----BEGIN PGP SIGNED MESSAGE----- I (Nik) got a letter from a mathamatician asking me to clarify what I meant by a "real encryptor". Here is the answer I gave. It is for the newbies out there, not the serious cryptographer types who know this already. Warning: one of my Xenon character's last rants will be arriving shortly. Take it with a grain of salt; it's pretty nasty, and not meant for those who already understand its message. I'm trying to drum up some public demand for a "real encryptor", for one thing. Think of it as propoganda, for it appeals to emotion not logic, and it is not very fair. Steganography involves hiding a message in a file. I can use the Mac program Stego to place say a PGP message into a Mac PICT (just a picture) file as the least significant bit of each pixel. If it is a 24 bit per pixel color picture, then you can't even see a difference. If it is 8 bit color, then you CAN. It looks like digital noise. On off, on off. No matter. The problem IS, anyone with Stego can extract the file and immediately see that it is an encrypted PGP message. When PGP encrypts a file, after compressing it, it includes in the final output all sorts of extra things like a checksum at the end, and full information given out to anyone about the name of the key that it was encrypted with. It will proudly announce, for instance, "This message can only be read by Pr0duct Cypher. You do not have the secret key required to read it." I don't know the full details. The PGP documentation mentions some of them, for the binary format PGP output files. I could send you this if you want. What I mean by a "real encryptor" is something just like PGP, but minus the convenience features that get tagged onto the PGP messages. It might be as simple as stripping them away the PGP convenience procedures. If the output was simply an encrypted message, and it seems to me PGP could do this, it should be hard to distinguish it from a random series of bits. Hopefully nearly impossible! Then you can use steganography for your messages but no one can tell if what they extracted is a message or not! The least significant bit of most messages such as sound files is noise anyway. On off, on off. They can't even tell how big it might be. That is a potential mega problem with PGP itself not being able to know how big it is though. You would have to know before hand, or make the picture or sound file BE the right size, EXACTLY. That's certainly easy for sound files! Just send voice mail! You could pad the content of the PGP message if you wanted to hide the actual size of the decrypted message. If you get voice mail from a stranger saying something vaque, you can check if it contains a PGP message encypted with your public key. If PGP outputted such a hard-to-distinguish-from-random data format, it opens up many different possibilities for sending your messages. Ideally, no one would be able to tell if it was an encrypted message except by successfully decrypting it. As it is now, such schemes have to rely on "encrypting" an already encrypted PGP message to hide the fact that it IS a PGP message! Many of us just want to be left alone and are tired of having our files tagged as BEING encrypted. Personally, I suggest using PGP as a Clipboard utility so I can cut a message out, encrypt it, paste it back in and save it as a word processor file which I then Macintosh BinHex encode as text, and e-mail off. Now I'm just sending a BinHexed word processor file, just like thousands of other Macintosh e-mailers out there every day! This isn't good enough since it is so easy reverse, by anyof them ;-), and they are still struggling with just e-mail. PGP is still a program only used by those why really need it. It may remain that way, so for those people, having a random data block output would mean they wont set off alarms and catch the attention of the government, just for sending a love letter to their mistress ;-). -Nik (-=Xenon=-) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVb/QgSzG6zrQn1RAQHPRgQAttdvv7y01xE0+8xKOnoODYJ3Xmlw0Wrs hIlMIGglirxY8Q244EEfjA538QES19jS95+8G5q9p5eEjM6w0apkRKQbyQOxme8j tfBU+yhhtqTGPUidLdiOWNszn2DvD0hrTVFH15b3yFoB2F1mA1kkjbfmXAm1r7gS MmJaO0c6ZNE= =SIQx -----END PGP SIGNATURE----- P.S. Were PGP like many programs, able to accept modular "Plug ins" like say Adobe Photoshop, this "bare" data block output could be an add-on featue ("feature stripper?") that those who want it would use. Or at least a separate utility that would strip and restore PGP messages.