1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they? naked eye: no... but if an expert is looking (for any reason) they would
probably check out the low order bits, regardless... and although the actual message appears random, PGP has some headers which are _defiantly_ not random... In fact, they are trivial to check for. Look for Stealth- PGP (A separate product for now... to be integrated with PGP 3.0) The idea behind Stealth-PGP is that there are no headers... so the entire data stream is random...
3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none. are there tools in development? sure enough... There are several rather accepted stego formats... If they can use one of the known forms of stego, and extract a PGP-looking message, you are going to be hard pressed to "plausibly deny" anything.
If you _do_ use Stealth-PGP (or some other raw encryption method), the low ordered bits would appear to be random... Now, I'm not certain about this, but I doubt that the low order bits of any given regular file are really as random as a good crypto algorithm is. I'd imagine that there are ways of statisticly analyzing the low order bits of a file, and seeing if they're random... If they are completely random, then there is probably something hidden there... and if they are completely ordered, then there is probably something hidden there... In the "next generation" stego tools, there will probably be options to hide data in noise that looks similar to the native noise of the medium... a sort of subliminal channel in the noise (more so than regular stego). Until then you'll have to rely on "gee... what do you mean 'completely random'" ;-) Joshua -----------------------------Joshua E. Hill----------------------------- | LAWS OF COMPUTER PROGRAMMING: | | X. Adding manpower to a late software project makes it later. | -------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------