[3910] in cryptography@c2.net mail archive
Re: crypto-stego
daemon@ATHENA.MIT.EDU (Bill Stewart)
Tue Jan 5 12:48:14 1999
Date: Mon, 04 Jan 1999 18:06:26 -0800
To: Russell Nelson <nelson@crynwr.com>, cryptography@c2.net
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <19981230214244.19445.qmail@desk.crynwr.com>
At 09:42 PM 12/30/98 -0000, Russell Nelson wrote:
>Now here's a silly question: cryptanalysis requires that one be able
>to recognize the plaintext. Steganography requires that one NOT be
>able to recognize the cryptography from random noise. So, if I use a
>legal cryptography algorithm (with however few bits I'm allowed), on
>the output of an illegal stego program, all of those bits are pure
>pleasure. Even someone with my legal public key can't be sure that
>they've decrypted the right thing unless my stego is broken or they
>have my illegal public key.
I think you've got this backwards - your words say that
Output = Crypto( Stego(something), WimpyKey )
where "something" is presumably the message.
But that's not secure - good steganography doesn't require that
Stego(Message) look like random noise, only that
Stego(Crypto(Message)) and Stego(Noise) look similar enough
so the Bad Guys won't notice that the encrypted message is there.
The classic example is stuffing cryptobits into the low bits of a picture*;
Crypto( StegoPicture(something), CorrectlyGuessedKey )
will have all the correct form for the picture file, e.g. .bmp headers.
You need to do
Stego( Crypto(Message, WimpyKey) ) instead.
However, typical steganography depends on Crypto(Message) looking like noise;
if the encrypted message starts out "-----BEGIN PGP ENCRYPTED STUFF-----"
anybody who tries the right destego algorithm will know there's a message,
and even if there's some regularity like 7-bit printable crypto output,
it may be noticeable. Especially if you're going to use wimpy crypto,
you need to make sure that it's really stealthy, something PGP hasn't done
after N years aand several format changes.
>Cryptography restrictions are the USA's Maginot Line. Big, expensive,
>ultimately routed around regardless, and once the war is over,
>difficult to get rid of.
Heh - it's especially surprising to me that regulations designed to
keep Commies from getting military technology are still in place,
and the Russians are even part of the deal.
~~~~~~~~~~~~~~~~~~~~~~~
[* Stuffing data into the low bits of a bmp or gif or lossless jpeg
can work ok; obviously you've got to be careful that the picture
can believably have random noise in the low bits. It doesn't work well
on B&W or few-color cartoons, and there are messy cases like
black, white, or single-color backgrounds with objects in front.
At least one picture stego program I've seen did some statistical
analysis on the colors used and chose what colors to use as alternates
to indicate the hidden bits based on the stats.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
