LM> The standard answer to agent-in-the-middle tampering is of LM> course digital signatures. Now, the question is, will we be allowed to sign LM> our possibly-stego-enclosing GIFs with reasonable confidence that the govt. LM> can't forge our signatures ? Obviously the signature itself can't be LM> stegoed, or else we fall into an infinite regress. Not obvious at all. You encrypt and sign as usual, stego the resultant output, and perhaps include in the stego routines some kind of CRC or hash if you like. But the point is that the signature still works to indicate whether the message was tampered with or not. If we posit a MITM, he can tamper with cyphertext =or= stegotext, but he can't defeat the signature. I would recieve a GIF which my stego software would turn into a file that PGP would puke on, telling me that Someone Is Messing With My Mail. I would not, of course, be able to reveal this fact directly. However, I could ask my correspondent to re-send the GIF, and when it comes out different in EVERY SINGLE LSB, I have proof of tampering. * Support legislation for a waiting period on taglines....... --- * Monster@FAmend.Com *