Stego Standards Silly ? (Was: Re: def'n of "computer network")
Hugh seems to have restored the full list on Majordomo, so I'll forward the last couple of messages I sent/received yesterday that should have gone to the whole list....
-Futplex

Forwarded message:

From lmccarth Fri Jul 14 00:12:07 1995
Subject: Stego Standards Silly ? (Was: Re: def'n of "computer network")
To: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <9507140229.AA13447@snark.imsi.com> from "Perry E. Metzger" at Jul 13, 95 10:29:29 pm

-----BEGIN PGP SIGNED MESSAGE-----

.pm writes:
> Indeed -- how could the recipient even know to look, unless these things arrived regularly and with a fully standardized form of steganography, in which case why bother, all you've done is come up with a very odd form of transfer encoding.
I agree, but AFAICS an odd form of transfer encoding is exactly what the doctor ordered. For plausible cryptodeniability, one wants to send ciphertext using a transfer encoding that doesn't automatically ring alarm bells. Steganography amounts to laundering Content-Type: headers.
> If the recipient does know to look, that implies either that there is a hint, in which case the steganography is useless, or it implies that you have prearrangement, in which case my comments on prearrangement hold.
If the recipient isn't getting spammed with GIFs (or whatever), she (or rather her MDA) can simply look at all of them by default. Of course this does not help with anonymous message pools on the order of Usenet, but that is a sub-issue.

Deranged Mutant raised an IMHO important issue a few months ago. He suggested that Mallet could go about trashing the purportedly "random" bits in each instantiation of some transfer encoding used in a stego standard. For example, he shuffles the LSBs of every passing JPEG. I'm not sure how feasible this would really be (both technically and sociopolitically), but it could be a big annoyance if only a few people were suspected of using stego method XYZ.

The standard answer to agent-in-the-middle tampering is of course digital signatures. Now, the question is, will we be allowed to sign our possibly-stego-enclosing GIFs with reasonable confidence that the govt. can't forge our signatures ? Obviously the signature itself can't be stegoed, or else we fall into an infinite regress.

-Futplex <futplex@pseudonym.com>