Recent discussion reguarding court-requested plaintext has made if obvious that data conceilment techniques need to be developed before real privacy can be obtained. For the sake of discussion, lets define "weak stenography" as any data-hiding techinique which will fool all but the "informed and skilled" intruder. For example, hiding encrypted data in "hidden" files in msdog would qualify as (very) weak stenography. By "informed," I mean that the intruder has reason to think that you are hiding something. "Skilled" simply means that the intruder has the needed skills to find and verify anything you might be hiding. Now, lets say some LEA thought you had plotted to (your favorite crime here.) And that they also suspected that you had encrypted all of the needed evidence. Further, that you had hidden the data, but couldn't prove it. In order for them to get you to produce that plaintext, they would have to be able to prove that you actually had such data. The only way that I can think of for them to prove such a thing is to produce a piece of cyphertext, and prove that it is, indeed, cyphertext. Further, they would have to prove that it belongs to you. So, if the data is hidden, they have to find it before they can compel you to decrypt it. Now for a proposal: Lets say we have to binary files, one that is an executable, and the other some type of (pgp?) encrypted file. We take these two files and put the cyphertext on the end of the executable, and encode the length of the the cyphertext at the end of the resulting file. Now, lets say that we had xor'ed the cyphertext with some string before we did the concatenation. The file-size-change would be a sure tip-off, if the LEA had another copy of the executable to compare with, so assume they don't. Looking at the file with a binary editor would reveal nothing. Since the cyphertext was transformed, running the decrypter program on the file would be fruitless. Disassembling the executable might, to the real skilled, reveal something, so we can assume this is what happens. After this much work, the LEA has some kind of binary file which they now have to tie to you and prove that it contains some kind of message. BTW, you can always claim to have downloaded it from somewhere.... Now they need to figure out how you transformed your cyphertext, if they even think of that. Lets say they figure out how you did it. Now they have to find what string you used in the xor process. Give that such a string might be about 6 ascii characters, they have to look at 64^6 different strings; each time through, they have to run the decryption program to see if it recognizes the cyphertext. If they can do one such examination per second, this process will take 2.2 years! And when their done, they still have to prove you put the message there in the first place. Bummer. ;^) Is there something wrong with my reasoning? Does this sound plausable. Would it be as effective as I envision? Comments are welcome. If the response is favorable, I will try to get it coded in (portable?) C and release it. +-----------------------+-----------------------------+---------+ | J. Michael Diehl ;-) | I thought I was wrong once. | PGP KEY | | mdiehl@triton.unm.edu | But, I was mistaken. |available| | mike.diehl@fido.org | | Ask Me! | | (505) 299-2282 +-----------------------------+---------+ | | +------"I'm just looking for the opportunity to be -------------+ | Politically Incorrect!" <Me> | +-----If codes are outlawed, only criminals wil have codes.-----+ +----Is Big Brother in your phone? If you don't know, ask me---+
participants (1)
-
J. Michael Diehl