Andy Grove on Clipper

Stuart Smith cipher at nemesis.wimsey.com
Mon Jun 20 13:11:43 PDT 1994 

> > Not if you use Stealth for PGP which I released a few months ago after
> > persuading "Henry Hastur" to write it. They can't *tell* it' non-compliant
> > crypto. Sophisticated steganography is now needed however, since most noise in
> > the digital domain is not white noise, like a Stealth PGP message would be (or
> > at least different than normal digital noise). But even more so is needed nice
> > Mac and Windows interfaces for the system that you can send to a friend, on a
> > floppy. I suggest a voice mail utility. Then a critical mass is not even
> > needed (security through obscurity). Remember, "Encryption always wins." They
> > can't outlaw noise.
> 
> True, but I think that the <insert name of your favorite spook agency here>
> would have it's hands on any method almost as soon as it hits the streets.
> I'd be interested in getting a copy to play with, but I'm curious - the methods
> to validate that you have a proper message have to be there, anyway, and that
> would seem to be your undoing.  If you have to validate it, it can be scanned
> for -- that's how they find viruses these days, too.  Does your method take
> that into consideration?  I could imagine a future where, like viruses, crypto
> used "adaptive crypto" or "adaptive signatures" to hide itself from detection...

Well, I've played with stealth briefly, along with a few other
interesting utilities, and it does look good.  i.e. there is no
way to validate proper messages.  If you feed
noise/junk/whatever into stealth, it will give you a pgp encoded
message back.  Every picture posted to alt.binaries.pictures.*
could be run through stealth and a pgp file would result.  Find
which ones *really* were pgp files to begin with.. good luck..

What we have to worry about is making sure there is no way to
identify the data that pgp puts out itself.  That is, the
encrypted data and the encrypted IDEA key.  If I gave you random
samples of noise and told you that one of them was an IDEA key
encrypted by an RSA key, you shouldn't be able to pick it out.

-- 
 Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
        E7 E3 90 7E 16 2E F3 45   *   28 24 2E C6 03 02 37 5C 
   Stuart Smith                           <stu at nemesis.wimsey.com>

More information about the cypherpunks-legacy mailing list