-----BEGIN PGP SIGNED MESSAGE----- Kevin Brown makes some interesting points about steganography and steganalysis. The issue of recognizing whether a message has or might have a hidden message has two sides. One is for the desired recipient to be clued that he should try desteganizing and decrypting the message, and the other is for a possible attacker to discover illegal uses of cryptography. Steganography should be used with a "stealthy" cryptosystem (secret key or public key), one in which the cyphertext is indistinguishable from a random bit string. You would not want it to have any headers which could be used to confirm that a desteganized message was other than random noise. This would allow some public standard to be used for steganizing messages. Ideally, the standard would be chosen so that typical real messages, when desteganized by the standard technique, would produce close to a random bit pattern. Maybe Kevin's idea about taking the parity of each (four- letter or greater?) word in the message would work. With stealthy cryptography and a "random" standard steganographic technique people could use steganography without much fear that their messages will attract attention, or that they could be proven to be using this technology just by analysis of their messages. Only the desired recipient would discover the hidden message by achieving success in decrypting the random bit string that comes from the desteganography. He would have to try this on all messages and it would only work on those fraction with hidden messages aimed at him. A big problem right now is that none of Kevin's proposed approaches seem to be capable of being fully automated. I don't think that word substitution can be done safely, at least not by some simplistic algorithm. Words have many meanings and it is not easy for software to choose an appropriate synonym. This is a similar problem to machine translation, and I think those systems still require a lot of human supervision. In the olden days, spies used the "window" method of steganography. They had a piece of paper with randomly-scattered holes in it. They would put it on top of another piece of paper and write their secret message in the holes. Removing the "window" paper left a sheet of paper with some widely scattered letters. The spy then wrote a cover message among the letters, choosing his words so that the letters fit in. The recipient then had a paper with the same window positions so that he could read the message. We could do a similar thing - position the letters of a hidden (and encrypted) message at every 5th (or 10th, or whatever) position, and have a special word processor that let you compose a message but allowed you to see the forthcoming stega letters so that you could try to make your words fit around them. This might be harder than for the paper case because we have no ability to change the spacing of our letters in order to fit around the fixed letters more easily. Steganography will be more labor-intensive than ordinary encryption. You have to write two messages: the encrypted one you want to send, and a cover message that is five to ten times longer. Plus you may need to massage the cover message to one degree or another depending on how automatic the stego insertion is. This might be reasonable if crypto is outlawed and you are part of an underground group fighting the government, but for ordinary use I don't see how to make it both easy and safe. Hal -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLAIau6gTA69YIUw3AQFW6wQAk5r3TVkn3VI4LS+9103J/yQMNs1kypkt qkdX3FRHll7O9KeIipYdDvJUGeIfFzQobyBy6pGvSQZKV0tdb+ZM+3BG9LlpUFZZ Y1wGX0aJChvY+/L2RugxxLGROYOdZJzeijBj5L6swgmtsschHnsfo7j7A3md6gDq rJyFvOaU5ms= =g99M -----END PGP SIGNATURE-----