integrating GPG with deniable steganography

Ted Cabeen secabeen at pobox.com
Tue Mar 20 17:50:03 CET 2001


In message <20010320155941.D27738 at noris.de>, "Matthias Urlichs" writes:
>Hmm. Don't most crypto algorithms just look like random bits when you
>don't have the key?
>
>Therefore, a stego algorithm which replaces the lower bit of a noisy
>audio or video file should be perfectly safe, assuming (a) that lower
>bit is truly random, and (b) nobody can get at the original image.
>
>(b) is not always easy, but essentially a solved problem. (a) isn't
>quite that simple, but IMHO still much further along than early crypto.

Doesn't work.  First, what audio or video file are you using?  Something
public, or something you created?  Have you established that you commonly send
large audio and video files that you've created to this person? PPS is a good
start on this process, as it stops some of the simpler traffic analysis
methods.

Second, your adversary can look at the file and compare it to what the file
should look like, whether they have the unmodified original or not.  If it's a
music or video file, they can tell if each bit of sound/graphics doesn't match
up with it should be.  If you have a portion of the graphic with a smooth
color change, and then add stego to it, the picture will still look smooth,
but the data won't, and that's all they need.

There are probably other reasons as well, but I haven't looked into this
specific stuff recently.   

--
Ted Cabeen           http://www.pobox.com/~secabeen         secabeen at pobox.com
Check Website or Keyserver for PGP/GPG Key BA0349D2      secabeen at uchicago.edu
"I have taken all knowledge to be my province." -F. Bacon  secabeen at cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot        cabeen at netcom.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : /pipermail/attachments/20010320/d6735db0/attachment.bin


More information about the Gnupg-devel mailing list