Tim May
[G8 outlawing of crypto efforts forging ahead]
It's not hopeless. Physical havens are vulnerable, to all sorts of pressures (I doubt many cryptographers want to set up shop in Libya or Iraq, not that these places would be hospitable to Cypherpunks sorts of goals and methods).
Going underground, using the untraceable features of cyberspace, may be the last, best hope.
I'm not sure we have the software to do this right now.
Let's say that we start with the assumption of remailers still running
in some countries (non G8).
Message pools are ok for receiving messages.
But for sending messages, we need a stego interface to remailers. Now
seems like a good time to produce this software. It's time has come,
much as Phil Zimmermann felt the pressure of the 1991 Senate
anti-crime bill 266.
Good stego encoding techniques are the difficult problem. We could do
something in-your-face like:
use a random number, go to jail!
BECBFEAAA13241237419283749183123487A7BCDEFBBDCEFDBEB23CDDEBDEBDB
AA13241237419283749183123487A7BCDEFBBDCEFDBEB23CDDEBDEBDBBECBFEA
419283749183123487A7BCDEFBBDCEFDBEB23CDDEBDEBDBBECBFEAAA13241237
...
As a form of protest, where it really is stegoed instructions to a
remailer in a GAK-free country, which is reading the list.
Text stego is hard to do. At ultra low encoding rates (say a few bits
per email), it would be ok. (Just message parity, perhaps the entropy
in the message-id, posting time).
Anything more in text seems intrinsically hard to do well enough to
feel comfortable betting against a jail term.
Images and audio files are much rosier targets, but who posts volumes
of gifs, or uses audio files? Not I, the bandwidth isn't up to it
yet, and pay-per-second phone bills don't help either.
PGP 2.x signatures (presuming we're still allowed to sign posts with
such software) don't have much scope for subliminal channels. The
time of posting in seconds is about it.
However, PGP 3.x signatures on ElGamal/DSS keys should have. There
are several subliminal channels in DSS signatures. It involves
generating a random number component, and this can be exploited.
Still pretty low bandwidth.
Perhaps someone can have a go at adding this to PGP3.x, once Stale has
finished scanning the source code books, and has posted the source.
Also, I hear that PGP3.x has support for RSA keys, but won't generate
them? Perhaps we can add that back in also.
For comfort, I'd like to be able to post, lets say 10k per day of
messages, via remailers in non-GAKed countries. Clearly I'm going to
have to increase my rate of bit-production to stego encode this much
data in my stegotext output. How am I going to do it with good
plausible deniability though?
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0