Re: Standard for Stenography?
Eli makes a reasonable case for leaving out the length field altogether. The desteg program would produce a file of width*height bits, and it would be up to the next layer to produce text from that. However, I'm not sure it's a *compelling* case. If adding the length doesn't actually hurt security, I'm inclined to keep it.
Tangentially, why choose bit permutation for your second-level encryption? There are plenty of schemes that will be a lot faster than doing all that bitmangling.
Slowness is not necessarily bad - it also makes it harder for attackers to search through large numbers of images for ones with hidden data. But the main thing that the permutation gives you is that it spreads out the data bits among unmodified bits, making statistical tests harder. For a 1000 byte message in a 640x480 image, only 2% of the bits will be changed. If that 2% was all jammed into the first 80000 pixels of the file, it might be detectable; if it's spread evenly throughout the file, it's probably safer.

--- Jef
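The spreading effect described in the message above, as an added example that is not part of the original thread: it embeds a constructed 1000-byte payload into the pixel LSBs of a constructed 640x480 cover, once sequentially and once through a keyed permutation, and counts changed pixels per block, which is the locality signal a statistical test would look at. Assumptions: 8-bit grayscale pixels, one payload bit per pixel, Python's `random` as a non-cryptographic stand-in for the shared permutation, and a hypothetical key string.

```python
import random

WIDTH, HEIGHT = 640, 480            # image size used in the message above
N = WIDTH * HEIGHT

def bits_of(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def bytes_of(bits):
    """List of bits (MSB first) -> bytes."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def positions(n_bits, key=None):
    """Pixels that carry payload: the first n_bits, or a keyed permutation."""
    order = list(range(N))
    if key is not None:
        random.Random(key).shuffle(order)   # stand-in PRNG, not cryptographic
    return order[:n_bits]

def embed(cover, payload, key=None):
    stego = list(cover)
    bits = bits_of(payload)
    for pos, bit in zip(positions(len(bits), key), bits):
        stego[pos] = (stego[pos] & ~1) | bit    # overwrite the pixel's LSB
    return stego

def extract(stego, n_bytes, key=None):
    return bytes_of([stego[p] & 1 for p in positions(n_bytes * 8, key)])

def changed_per_block(cover, stego, blocks=16):
    """Number of modified pixels in each of `blocks` equal slices of the image."""
    size = N // blocks
    counts = []
    for b in range(blocks):
        lo, hi = b * size, (b + 1) * size
        counts.append(sum(c != s for c, s in zip(cover[lo:hi], stego[lo:hi])))
    return counts

def demo():
    rng = random.Random(1)
    cover = [rng.randrange(256) for _ in range(N)]             # constructed cover
    payload = bytes(rng.randrange(256) for _ in range(1000))   # constructed message
    key = "shared secret"                                      # hypothetical key
    seq, perm = embed(cover, payload), embed(cover, payload, key)
    return (changed_per_block(cover, seq), changed_per_block(cover, perm),
            extract(seq, 1000) == payload, extract(perm, 1000, key) == payload)

if __name__ == "__main__":
    seq, perm, _, _ = demo()
    print("sequential:", seq)
    print("permuted:  ", perm)
```

Sequential embedding puts every change in the first block, while the keyed permutation leaves a roughly uniform count in all sixteen.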
Eli makes a reasonable case for leaving out the length field altogether. The desteg program would produce a file of width*height bits, and it would be up to the next layer to produce text from that. However, I'm not sure it's a *compelling* case.
A steganography program that uses a shared permutation and bit selection schedule on each end is really a symmetric key cipher with data expansion. And because it is a cipher, it is subject to the ITAR. Adding noise intermixed with a signal is a perfectly good way of doing full scale cryptography, it's just that folks these days tend to prefer methods that don't have bandwidth explosion. In fact, bandwidth expansion is one of the few ciphers that has provable information theoretic properties, mostly because the method is simple enough for the basic results of information theory to apply. Hiding encrypted text, which already has high entropy over various word partitions, with an arbitrary embedding in random bits does provably increase the security of the cipher. I would urge Jef to write the code and then submit a Commodities Jurisdiction request to see if the code is exportable.

Eric
participants (2): hughes@ah.com, Jef Poskanzer