[3221] in cryptography@c2.net mail archive
Re: Encryption is like a locked suitcase
daemon@ATHENA.MIT.EDU (David Honig)
Fri Aug 21 20:16:37 1998
Date: Fri, 21 Aug 1998 16:06:42 -0700
To: "Dan Todd" <dantodd@dnai.com>, <staym@accessdata.com>,
<cryptography@c2.net>
From: David Honig <honig@sprynet.com>
Cc: <coderpunks@toad.com>
In-Reply-To: <002401bdcd1d$d6416ec0$03000004@danhome.dnai.com>
At 09:07 AM 8/21/98 -0700, Dan Todd wrote:
>Who needs stego.
People do.
>If you don't like that approach just label your cyphertext files as
>executables. What customs official will ask you to run al the executables
>on your laptop? If that's a problem just drop them into a development
>environment and tell them it is code in progress and doesn't work right now.
>
>Remember, social engineering works both ways. :-)
While renaming .pgp files to .exe or whatever is going to be sufficient
for a little while, consider the next level of the game.
"Do you mind if we install and run our Customs2000 program on your machine?"
"Yes, I do"
"Do you want to enter our country?"
"Uh, sir, your foobar.dll shows up as suspicious. It is not a
properly executable. Maybe you should make it easier on yourself
and give us the key now."
There is some neat work on deniable, steganographic file systems, but
I haven't got the ref handy.
There is a secret message embedded in the phosphor of this period.
