steganograpy and cryptography

[Mike Johnson]

Kragen writes:
> I was thinking of steganography as being in two stages: first, you encrypt,
> (possibly with the identity transformation) then, you embed your encrypted
> message in your medium of transmission.  My previous message was describing
> requirements for a strong encryption algorithm, quite apart from the actual
> embedding.  I stand by my statements: the purpose of steganography is to make
> it difficult or impossible for an interloper to determine that enciphered data
> are being transferred.  Thus, embedding a magic number in the file defeats the
> purpose completely.
> (As opposed to "slightly reducing security.")

True.  I was refering to cryptographic security instead of steganographic
security when I said "slightly reducing security."  Sorry about the
miscommunication.  For steganographic purposes, there should be no _constant_
magic numbers or CRCs taken _after_ the encryption (and visible in the
ciphertext).  All magic numbers and CRCs should be embedded _before_
encryption and checked _after_ decryption when you want the ciphertext to
look purely random.  This way you can have _both_ cryptographic convenience
and random looking ciphertext ready for steganographic hiding.

> I think that designing a program to embed this apparently random bitstream in
> an innocent-looking file is a different and much harder problem.

Definitely.  Such a program is also very likely to drastically inflate the
message, depending on the definition of "innocent-looking" and the
characteristics of the channel or storage medium used.  For example, a
message could be concealed in the number of blank characters after each line
of text from an recipe book, but someone might even get suspicious about a
sudden interest in cooking among cypherpunks.  :)

By the way, I heard a rumor from a telephone company employee who I met (face
to face) who is in a position to know that a U. S. company was using DES to
communicate proprietary information between one of its facilities in Japan and
an office in the USA.  They got a letter from the Japanese parliament asking
them why they were sending encrypted data.  Perhaps there is more to the
question of steganography than purely academic interest...

-----------------------------------------------------------------------------
Mike Johnson       | Opinions expressed herein are mine, and come with no
mikej at exabyte.com  | warranty, expressed or implied.  PGP key on request.
-----------------------------------------------------------------------------