On Mon, 28 Feb 1994, Arsen Ray Arachelian wrote:
Guys, I thought the whole point of stego was to hide the fact that you're hiding data in a file. Having a "standard" for this is a bad idea i the sense that if you have a standard, you make it that much easier for the bad guys to intercept and find what you are trying to hide!
That is correct. The standard should be to have no standard! :) But, if you must have a standard, some variability would help. I outlined a "variable standard" in another recent message in this thread. A fictional example of a legitimate need for standardization and a possible solution follows: Feb. 1998 Jack and Jill are both readers of cypherpunks and long-time users of PGP. "Stealth PGP" and "Stego+" have become very popular. Unfortunately, Clipper is a legal necessity for all computer communication. Jack wants to send Jill a _truely_ private message. Using only Clipper is not an option; neither is "Stealth PGP", on its own; as, meerly owning non-Clipper encrypted files has recently been successfully used as grounds for search warrants, equipment confiscations, and miscellaneous court sanctions. Luckily, it has become particularly popular to use "Stealth PGP" in combination with "Stego+" to hide messages in PictureCD files. Knowledgeable users regularly scan alt.videos.binaries.misc for messages. Although Jack would like additional security that he would obtain from using a non-standard stegonagraphy program, this is his first message to Jill. He can not simply send plain-text email to Jill telling her to use the new "SuperStego", for obvious reasons. Jack therefore uses the standard, relatively secure, method and sends the message via "Stealth PGP" & "Stego+" in TEST.CD on alt.videos.binaries.misc; thereby evading the ClipperCops. Sergey