integrating GPG with deniable steganography

Marlow, Andrew (London) MarloAnd at exchange.uk.ml.com
Wed Mar 21 13:02:14 CET 2001


> -----Original Message-----
> From:	Matthias Urlichs [SMTP:smurf at noris.de]
> Sent:	Wednesday, March 21, 2001 11:30 AM
> To:	Florian Weimer
> Cc:	Stefan Fendt; Gnupg-devel at gnupg.org
> Subject:	Re: integrating GPG with deniable steganography
> 
> Hi,
> 
> Florian Weimer:
> > 
> > This way, you can only defeat an attacker whose noise model is worse
> > than yours.  That's not a big deal, and it's *not* secure.
> > 
> Since you can always conceive of a better noise model, that would
> be a killer argument against any kind of "conventional" steganography.
> 
> You obviously need a data model where the original noise is masked in a
> computationally intractable way. 
	[Marlow, Andrew (London)]   This sounds like good stuff but the
repeated exchange of large audio or graphic files is a sure tip-off that
steg is being used. This is why I am concentrating on ASCII steg. In my
opinion attempts to deny that steg is being used with ASCII msgs stand more
chance of being believed in court. I am, of course, assuming that it would be
a court case, rather than torture in the Ministry of Love. The jury will be
told by the defence lawyer that steg typically uses audio or graphic data.
Sure, ASCII steg exists but the bandwidth is poor and it is difficult to
introduce noise.  This is also why it is very important that the chaff file
is a feasible communication between the two parties. I either make it a
social msg in the case of a short secret msg or a news item for a longer
msg. I would never send an extract from the Bible (we are both atheists!)
and I wouldn't use snippets from Shakespeare either. 

	Having said that, I am intrigued by Stefan's approach. It certainly
seems to be deniable in spite of the suspicion that the exchanges may
arouse. Maybe this is good enough. It's hard to tell. I suppose it depends
on the tactics used by the government that has the power to force the keys
from us.





