On Thu, 22 Apr 2004, Major Variola (ret) wrote:
However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do.
Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn. Beneath that, homosexual porn. But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually.
Or not - if you weren't who they thought and there really was nothing more than the gay porn.
If you give them a believable but fake one, it will damage innocents or true members of your association.
Innocents could be a good "cannon fodder" that can bring a lot of backslash and alienation aganst the goons, stripping them from public support.
This brings another ofren underestimated problem into the area of cryptosystem design, the "rubberhose resistance".
My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego.
You are one of the few who are familiar with it. Are there any decent implementations for Linux/BSD/NT? Some time ago I was looking around for something (not necessarily stego, "standard" single-layer encrypted filesystem would be enough) for removable media, and would like to share them between machines running several operation systems. Didn't manage to find anything usable. The requirements are security, stability, and portability (at least read-only) between platforms.
I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help.
There are magnesium rods on the camping market, sold as firestarters for very bad weather. Very high temperature of burning, with proper mechanical configuration (card strapped between two such rods?) could be enough to melt the chip. Maybe could be used together with some kind of break-and-shake chemical ignition even for eg. the USB drives. Their casings typically have considerable amount of space (few mm, enough for a Mg strip) over the chip that carries the data themselves. Which reminds me there are toilets designed for burning the waste using propane burners or electrical heating elements. Could be possible to use them as a basis for the "ultimate document shredder", if combined together with a standard lower-security one, within $2000 total.