planning for life during the crypto night (was Re: CYPHERPUNK considered harmful.)
Black Unicorn <unicorn@polaris.mindport.net> writes:
3. Unescrowed crypto banned, with advanced stego, panic passwords, stealth PGP, incorporated remailers all across international borders making offenders impossible to identify or catch.
[...] I believe the goal is to propogate crypto far enough to at least have a salient "underground" participants.
Some months ago I called for advanced stego and stealth PGP as well as larger keys in the event we all had to go "into the crypto closet" for a time.
I call for them again.
Guess you're saying that a future underground cypherpunk group is going to need tools to continue if the US plummets into cryptographic darkness. And you'd like to see these tools available now, as it will be difficult to distribute, and set up if the big ban is already on us. A pre-emptive safety precaution in the event that it happens. So what threat model do you envisage tools being needed to withstand? A couple of the things you list are realisable with little effort, one is a PGP with large keys, I am using a doctored to go to 16k keys (I did this to amuse myself with getting timings for how long encrypt / decrypt & keygen take for varying key sizes). The patch is small, and easy to figure out, just a couple of #ifdefs, various people posted their patches to do this to alt.security.pgp some time ago. I think there was at least one patched version of PGP distributed (unofficially of course - PGPs largest allowed key size being 2048 bits), though I don't have any URLs for such a beast. Part of the problem is people seem to frown on distributing PGPs with larger keys, or alternate versions of PGP, due to version control issues, and such. Technically easy to do tho. Adding stealth features to PGP, or even as standalone, aren't hard either. I've been trying to add Hal's improved stealth algorithm to Henry Hastur's stealth program. It's basically finished, except for the problem that I am unsure about the security of the construct: x' = f(MD5(x)) * N + x where 0 < x < N and 0 < x' < M where M is a power of 2, and M > 2^64 * N and f is just a scaling function If that is secure I'd be happy to release an updated version of stealth, but without assurance, it is necessary to include random numbers, and the best way I see to achieve that is to build it in to PGP, and use PGP's ran no utils directly. If you're talking about a different version of PGP, perhaps this wouldn't be a big deal anyway. So that's big key PGP, and stealth PGP. I'm presuming most people figure 128 bit IDEA is suitably unassailable, but RSA keys are a moving target, and less predictable due to improvements in factoring algorithms. Already people are talking about an academic RSA129 like attempt on a 512 bit PGP key. What are views about creating Yet Another version of PGP. I've read a few discussions of this kind of thing in the past on alt.security.pgp, and most people were against it. But I think some useful things could come out of it. The other problem is working with pgp2.x when there is a version 3.0 being worked on, not sure what stage 3.0 is at, any coding.. perhaps if a stealth capable pgp2.x was worked on, and a few features demonstrated, the 3.0 folks would be willing to take a look at it to evaluate the features for possible version 3.0 inclusion. Just don't want to go do a of work, and then get a polite cease and desist from those with interests in managing the version control of PGP. Good stego tools are the other main problem. My understanding is that all of the stego programs to date do it by just ripping out the LSB of an audio or graphic image, and replacing that with the bits from a message with a stealthed message. Sending masses of pictures around is kind of suspicious tho, I mean several a day, each freshly scanned from what? I guess if video conferencing gets here, it would be fun to add the stego into that noisy stream, same for internet phone. Text stego, with bits hidden in the entropy of english text seems a harder objective, but a useful one. I'm presuming that plausible deniability, and facilities for anonimity are essentials. How does one go about doing that? Using newsgroups to carry on a two level communication might be a good way of maintaining plausible deniability. Either a stego interface to remailers in other countries, so that the stego gateway to remailers scans it's newspool, decrypts messages addressed to it, and forwards that off to the anon remailers. The outcome could be a further text or graphics stegoed message for posting to a suitably high noise news group. The recipient is also scanning his news spool for stego messages addressed to him. Sounds feasible. Perhaps a proof of concept would be easy to knock up, if a place holder is inserted for the 'good text stego' program should go. There was a 'texto' posted a while ago which did something suitable. Adam
--- "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information On Sun, 17 Sep 1995 aba@atlas.ex.ac.uk wrote:
Black Unicorn <unicorn@polaris.mindport.net> writes:
3. Unescrowed crypto banned, with advanced stego, panic passwords, stealth PGP, incorporated remailers all across international borders making offenders impossible to identify or catch.
[...] I believe the goal is to propogate crypto far enough to at least have a salient "underground" participants.
Some months ago I called for advanced stego and stealth PGP as well as larger keys in the event we all had to go "into the crypto closet" for a time.
I call for them again.
Guess you're saying that a future underground cypherpunk group is going to need tools to continue if the US plummets into cryptographic darkness. And you'd like to see these tools available now, as it will be difficult to distribute, and set up if the big ban is already on us. A pre-emptive safety precaution in the event that it happens.
Precisely. Thank you.
So what threat model do you envisage tools being needed to withstand?
Traffic analysis, jurisdiction, detection of encrypted data in stego'd files. I believe the basic problem will be one of avoiding detection and the ability to piggyback harmless looking files on "approved" encryption. In the event your encrypted message were detected, it would be nice if it didn't announce its intended destination via a public key header. I also believe that excessively large keys should be incorporated (2048/4096 bit RSA and 256 bit IDEA like encryption perhaps) to extend the likely useful life of cyphers which will be difficult to distribute later. I also would like to see applications which permit the user to select the from among a few types of encryption, in the event one is found to be broken.
A couple of the things you list are realisable with little effort, one is a PGP with large keys, I am using a doctored to go to 16k keys
[description of availability]
Adding stealth features to PGP, or even as standalone, aren't hard either. I've been trying to add Hal's improved stealth algorithm to Henry Hastur's stealth program. It's basically finished, except for the problem that I am unsure about the security of the construct:
Excellent!
So that's big key PGP, and stealth PGP. I'm presuming most people figure 128 bit IDEA is suitably unassailable,
I'm pretty confident in it, but I would like to see some others about.
What are views about creating Yet Another version of PGP. I've read a few discussions of this kind of thing in the past on alt.security.pgp, and most people were against it. But I think some useful things could come out of it.
I think one of the big hold ups is the wait for PGP 3.0
The other problem is working with pgp2.x when there is a version 3.0 being worked on, not sure what stage 3.0 is at, any coding.. perhaps if a stealth capable pgp2.x was worked on, and a few features demonstrated, the 3.0 folks would be willing to take a look at it to evaluate the features for possible version 3.0 inclusion.
Exactly.
Good stego tools are the other main problem.
I concur.
My understanding is that all of the stego programs to date do it by just ripping out the LSB of an audio or graphic image, and replacing that with the bits from a message with a stealthed message.
As I understood the current implementation, stego is fairly easy to sniff out. Am I mistaken in this?
Sending masses of pictures around is kind of suspicious tho, I mean several a day, each freshly scanned from what? I guess if video conferencing gets here, it would be fun to add the stego into that noisy stream, same for internet phone.
Perhaps, but hardly as suspicious as sending naked random data. I think given hard to sniff stego, and the nationwide bandwidth, this is a non-issue.
Text stego, with bits hidden in the entropy of english text seems a harder objective, but a useful one.
Indeed.
I'm presuming that plausible deniability, and facilities for anonimity are essentials. How does one go about doing that? Using newsgroups to carry on a two level communication might be a good way of maintaining plausible deniability. Either a stego interface to remailers in other countries, so that the stego gateway to remailers scans it's newspool, decrypts messages addressed to it, and forwards that off to the anon remailers. The outcome could be a further text or graphics stegoed message for posting to a suitably high noise news group. The recipient is also scanning his news spool for stego messages addressed to him.
Sounds feasible. Perhaps a proof of concept would be easy to knock up, if a place holder is inserted for the 'good text stego' program should go. There was a 'texto' posted a while ago which did something suitable.
Adam
I believe all these to be in everyone's best interest.
participants (2)
-
aba@dcs.exeter.ac.uk -
Black Unicorn