On Tue, 1 Mar 1994, Matthew Gream wrote:
Earlier, Sergey Goldgaber wrote:
Didn't you mention something along the lines of hiding "---BEGIN PGP" headers by using one-time pad encryption? Or did I wildly misinterpret you?
No. I said that, and I was referring to the case where you have a particular steganographic technique such as pixel modulation, it could be an idea to place an encrypted header using something like IDEA in CFB that not only encrypts a signature but an identifier so as to know which program actually

^^^^^^^^^

You were originally referring to PGP in particular, were you not?

did the stego, and hence be able to demodulate with that particular technique. Therefore if you had separate programs, each could interoperate.
Yes, I understand that your proposal is compatible with a variety of other schemes. However, as you note below, this provides very limited security, unless the key is _non_standardized.
Even though the essence of stego is to not know a message is hidden in a particular medium, whenever specific software comes out to do certain stego (jpegs etc), I can see NSA spooks adding it onto their short list of s/ware to run across any pictures they get. Stego becomes sort of pseudo-Stego and loses a certain amount of gain it once had (of course, if all you do is Stego an encrypted file without any structure, it'll be safe).
"Pseudo-Stego" can be relatively secure as long as a large number of different hiding schemes/standards are used by the public. An effective means of ensuring this would be to use the receiver's public-key checksum-value as the standard offset for stego. The large number of public-keys available makes it rather infeasible for one's opponents to try them all. This, I believe, provides pretty adequate security (assuming one strips any telltale headers off the hidden file beforehand).
My 5c.
Matthew.
--
Matthew Gream. ph: (02)-821-2043. M.Gream@uts.edu.au.
PGPMail and brown paperbags accepted.
- Non Servatum -
''weirdo's make the world go around'' - A.Watts
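The key-derived offset and the header caveat discussed in this thread, as an added example that is not code from either poster: payload bits go into the low bits of a cover buffer starting at an offset taken from the recipient's public key, and an examiner's scan over a known keyring shows what a telltale header gives away. Assumptions: truncated SHA-256 stands in for the "checksum", byte LSBs stand in for pixel modulation, and the cover, keyring and payloads are constructed sample data.

```python
import hashlib

HEADER = b"-----BEGIN PGP"  # the telltale header discussed in the thread

# Constructed sample data: a 4096-byte stand-in for pixel data and a toy keyring.
COVER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
KEYRING = {name: b"constructed public key of " + name.encode()
           for name in ("alice", "bob", "carol")}

def key_offset(pubkey: bytes, cover_len: int) -> int:
    # Assumption: the "checksum" is the first 4 bytes of SHA-256 over the key.
    return int.from_bytes(hashlib.sha256(pubkey).digest()[:4], "big") % cover_len

def embed(cover: bytes, payload: bytes, pubkey: bytes) -> bytes:
    """Write payload bits into cover LSBs, starting at the key-derived offset."""
    if 8 * len(payload) > len(cover):
        raise ValueError("cover too small for payload")
    out, start = bytearray(cover), key_offset(pubkey, len(cover))
    for i in range(8 * len(payload)):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        pos = (start + i) % len(out)  # wrap around the end of the cover
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)

def extract(stego: bytes, pubkey: bytes, n: int) -> bytes:
    """Read n bytes back from the LSBs at the key-derived offset."""
    start, data = key_offset(pubkey, len(stego)), bytearray(n)
    for i in range(8 * n):
        bit = stego[(start + i) % len(stego)] & 1
        data[i // 8] |= bit << (7 - i % 8)
    return bytes(data)

def scan_keyring(stego: bytes, keyring: dict) -> list:
    """Examiner's check: which known public keys point at a telltale header?"""
    return [name for name, key in keyring.items()
            if extract(stego, key, len(HEADER)) == HEADER]

if __name__ == "__main__":
    with_header = embed(COVER, HEADER + b" MESSAGE-----", KEYRING["bob"])
    # A hash digest stands in for an encrypted file without any structure.
    stripped = embed(COVER, hashlib.sha256(b"constructed ciphertext").digest(),
                     KEYRING["bob"])
    print("header left in :", scan_keyring(with_header, KEYRING))
    print("header stripped:", scan_keyring(stripped, KEYRING))
```

The scan costs one short extraction per key on the examiner's keyring, and it only reports a hit when the payload still carries a recognisable header.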