On Thu, 13 Jul 1995, Perry E. Metzger wrote:
Jon Lasser writes:
In addition, now is the time to deploy stego, on a massive scale.
I've said it before, and I'll say it again.
My opinion is that stegonography "standards" are useless. Anyone can try unpeeling the GIFs and see if something interesting shows up inside. That means that the only useful stego suffers from the defect that symmetric key cryptography suffers from -- you have to have made serious pre-arrangements with the counterparty.
True, in that sense it's useless. But if it's PGP'd with a sufficient key, nobody can read it. If it's from a well-overused guest account, nobody can find who sent it. If the picture's not preceded with an identification of the intended recipient, and is posted in a public forum, then nobody knows who it's for. Especially if everyone has to read it in order to find out if it's for them. If PGP 3.0 has some sort of option to decrypt messages without PGP headers or footers, then the issue ceases to be relevant. Because you've stego'd already random-seeming material. If the stego program is integrated with PGP properly, you have public key stegonography. It's possible; just that somebody's gotta write the damned software. And I'm certainly not capable to do that. Yet. Jon ------------------------------------------------------------------------------ Jon Lasser <jlasser@rwd.goucher.edu> (410) 494-3253 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.