Robert Hettinga wrote:
At 1:01 AM -0400 on 9/19/98, Anonymous wrote:
(Had this been a UK Customs 'inspection' of the contents of the disk, I might have had to explain the half-gig of "noise" I have on the disk. Only, it really is noise. Really.)
This makes me think of something that I probably missed in the bowels of someone's long previous stego posting (um, stego^stego? :-)), how would you go about either:
Stegoing an encrypted partition as "blank" hard drive space without actually writing over it unless you wanted to?
or, even,
Stegoing an encrypted partition as not even *there* at all?
Doesn't seem like it would be too hard conceptually (hah!) and, if done, might actually defeat such Archie-look-up-the-dress as the British customsfolk are wont to do these days.
Obviously, even if the partition were found, it would look, to sniffer programs, as if it were empty, right? :-).
Once they realize people are doing this, they will begin taking hashes or some other record of the blank space. The next time you are scanned by customs, they pull the record and compare the previous "blank" space with the current "blank" space. If they don't match, you're suspect. They still cannot prove that you're carrying hidden data. They ask you if you know what stego is. They ask you if you have hidden data on your drive. If you say yes, they demand to see it. If you say no, they say "Okay, then it should be no problem if we push the wipe button on our program, should it?" If they start doing that they have still won, because now you are not carrying the data across the border or the data is destroyed as you cross the border.