On Thu, 5 Oct 2000, Tom Vogt wrote:
I'm currently looking for a way to get encrypted data via stego to people who live in countries where crypto is illegal, and who may be watched. so just sending them a large graphic would likely arouse suspicion.
the 2 best solutions I've come up with so far are porn and spam. both are readily believable, even in large quantities. the problem with porn is that it may be illegal in itself in the same countries. the problem with spam is that ascii text just doesn't offer much to hide stego in (whitespacing, etc. is both easy to find and can store very little data).
There are at least two more ideas that come to mind here. The first would be to embed links in your spam messages which take you sites that you have previously set up which contain a high amount of graphics. You could then hide the data steganographically in those images. Of course an automated tool of retrieval for those sites would be handy then as well (say a browser plugin which scans images tries to extract data out of each image and only accepts the extracted information if it has been signed with a previously agreed on key -- i favour a browse plugin over a commandline tool cause it would maybe look a little bit suss if somebody mirrored a 'become-a-millionaire-in-two-weeks'-website with wget or similar tools). You might also want to have a look at MP3Stego, a tool which allows hiding of information in MP3 files. URL: http://www.cl.cam.ac.uk/~fapp2/steganography/mp3stego/ Sending someone a couple of megs of non-copyrighted mp3s (say bolivian folklore) should not raise too much suspicion, or better yet, just mail him links to some geocities account where he can download them instead of sending them directly. Any method for data transfer can be used for steganography -- just be creative. Cheers, -Ralf -- Ralf-P. Weinmann <rpw@uni.de> PGP fingerprint: 2048/46C772078ACB58DEF6EBF8030CBF1724