CDR: Re: stego for the censored
Michael Motyka
mmotyka at lsil.com
Mon Oct 9 11:29:31 PDT 2000
> Bill Stewart wrote:
> >
> > At 04:30 PM 10/6/00 -0700, Tim May wrote:
> > >In places where crypto is illegal, this approach would also likely be
> > illegal.
> > ...
> > >BTW, the issue is a lot more than just "plausible deniability." This
> > >may work in the U.S., until the Constitution is further shredded. But
> > >"plausibility deniability" is not enough when dealing with the
> > >Staasi, or SAVAK, or Shin Bet, or the Ayotollahs. Mere suspicion is
> > >enough.
> >
> > The point is that each message doesn't have decryptable cyphertext.
> > It only has a secret-share that no recipient can decode
> > until they have enough shares of the same message,
> > even if the KGB rubber-hoses them, and the KGB cryptanalysts
> > won't be able to find anything more than random noise in the message
> > because with <K shares, that's all you can get.
> > Now random noise may also be suspicious, but it's less suspicious
> > than something that's got more structure to it.
> > Even if they do suspect the recipient and seize his computer,
> > they'll only get old messages, not the new partially-received ones.
>
> Not good enough, I'm afraid. As Tim said, if the authorities in an
> authoritarian regime _suspect_ secrets are being passed they have
> "probable cause" to break out the jumper cables. Unless the holder of an
> incomplete secret is willing to spill his guts literally rather than
> figuratively, his group doesn't benefit from a secret which can be
> detected but not read.
>
> --
> Steve Furlong, Computer Condottiere Have GNU, will travel
>
These regimes are likely to suspect conspiracies whether or not they are
actually occurring. Look at our McCarthy era. Assume the jumper cables
will be applied whether there are secret messages or not. If you want to
actually communicate then you have to risk SOMETHING.
Scatter-gather is just a mechanism to handle arbitrary sizes of messages
and add some potential cover traffic. It is no less safe than any single
exchange of stego data. Possibly it is more safe since the data density
in the carriers can be made very low and an observer cannot easily
isolate a complete carrier set from the cover traffic.
Mike
More information about the cypherpunks-legacy
mailing list