Sergey writes:
I have often heard it said that one should always assume that one's opponent knows everything except one's secret key. To me, this makes no sense! If your opponent is good enough and determined enough to get by all the layers of obscurity you may have put up, than its just one more step to getting your secret key.
If your cryptography methods are good enough to withstand an opponent who has full documentation of your algorithms and methods, lots of funds, and everything except your keys, then you don't need to waste your time with all the other stuff. And if you can't protect a couple of keys, it doesn't really matter how much other security you have. On the other hand, steganography is almost by definition an obscurity technique, and while security-by-obscurity is a naive waste of time, obscurity-by-obscurity is hard to argue against real clearly :-) On the other hand, if your cyphertext looks like random bits anyway, it doesn't take a lot to make them invisible. The real need is to make your data look like Somebody Else's Problem.... Bill