Cryptography-Digest Digest #105, Volume #14 Sun, 8 Apr 01 08:13:00 EDT
Contents:
[LOST AND FOUND] Brain cell belonging to Thomas J. Boschloo (Boschloo Tales)
Re: How good is steganography in the real world? (David A Molnar)
Re: How good is steganography in the real world? (David A Molnar)
Re: How secure is AES ? (Paul Crowley)
Re: AES - yet another question :-) (Paul Crowley)
Re: How good is steganography in the real world? (Paul Schlyter)
GIF is bad (Frank Gerlach)
Re: How good is steganography in the real world? (David Wagner)
Re: patent issue ("Douglas A. Gwyn")
Re: How good is steganography in the real world? (Frank Gerlach)
Re: GIF is bad (Paul Rubin)
Partitionize issues (Frank Gerlach)
JPEG also problematic (Frank Gerlach)
Re: JPEG also problematic (Frank Gerlach)
Re: How good is steganography in the real world? (Joe H Acker)
Re: How good is steganography in the real world? (H C)
Re: How good is steganography in the real world? (H C)
Re: How good is steganography in the real world? (H C)
Re: patent issue ("Tom St Denis")
----------------------------------------------------------------------------
Date: 7 Apr 2001 09:12:45 -0000
From: [EMAIL PROTECTED] (Boschloo Tales)
Subject: [LOST AND FOUND] Brain cell belonging to Thomas J. Boschloo
Crossposted-To: alt.privacy.anon-server,alt.security-pgp
Did somebody find Thomas J. Boschloo's brain cell?
It has been reported missing since
... well ...
a few years ?
birth ?
===============================================
HISTORY:
That Boschloo bozo is a clown and a troll who has been looming around for nearly a
year.
Don't mistake a "regular" (troll) with a knowledgeable person: that self-proclaimed
"security expert" is not even a remailer user. In the past, he proved himself unable
to check a PGP signature, and got ridicule from every single technical topic he wanted
to talk about.
Besides false or inaccurate or misleading technical misinformation, his posts are
about his avowed mental illness, or for bashing remops or real freedom fighters: he
likes to quarrel with every one, and stir shit. Sometimes, it is even pure delirium
(when he misses his pills?)
One of his last actions was to stage a hoax about his own suicide, just to try to grab
some sympathy, after he had been exposed as a troll and technically incompetent.
The worst being his teasing of Script-Kiddie until it triggered a new flood on apas.
Of course, he refuses to apologize.
Actually, the level of contempt he shows for remailer users:
they don't give their names, while he does
that can't do anything against him, without giving their names
is in no way different from what is displayed by Pangborn, Burnore and the like
Ignore him completely, killfile him, respect others' killfiles
KILLFILE:
To put him in your killfile, put "Author: Boschloo"
That will make disappear both him and people who warn about him
If you want to tell him to buzz off, or warn about him,
use a nickname containing "Boschloo" (Boschloo Hater, Boschloo Sucks,...)
to accomodate such killfile for "regulars", and still warn newbies
COURAGE:
Boschloo is getting _no_ answer from apas any more.
He has to crosspost to various newsgroups to try to grab some attention.
In a few months, it will be gone.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 8 Apr 2001 05:10:38 GMT
In sci.crypt Paul Rubin <[EMAIL PROTECTED]> wrote:
> I would absolutely not trust the security of any method that purports
> to put significant sized messages into gifs by messing with the color
> table (there are a lot of programs like that). If you *have* to put
Seconded. Especially since many of them seem to use only the naive "let's
mess with LSBs of the image and see what happens." (Note that I have not
evaluated and do not comment on S-Tools 4).
There *is* a theory of steganography developing (I'm indebted to Doug Gwyn
for pointing this out to me a while back in a sci.crypt thread) which tries
to make statements about an adversary's ability to distinguish a message with
a stego'd message in it from one which does not. You can even try to prove
things like "if factoring is hard, then no probabilistic polytime adversary
will be able to tell if a message exists with probability better than 1/2 +
neg(k), where neg(k) is less than 1/2^k for a security parameter k."
I would consider a result like that to be about the minimum you should want
from your stego system -- and even then it's by no means sufficient. (For one
thing, what was the model you proved the result in?)
[original poster comments:]
>> solution may just have to be to not communicate at all, at least until
>> the employees return home. That "solution" has its own problems but,
>> hey, so do Iraqi jails.
I used to live in Saudi Arabia. The rumor in the expat community there was
that the jails weren't air-conditioned. That *alone* should be enough to make
anyone think twice...
thanks,
-David
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 8 Apr 2001 05:01:14 GMT
In sci.crypt Matthew Kwan <[EMAIL PROTECTED]> wrote:
> Automated tools will have trouble identifying concealed messages, since
> the GIF standard doesn't say anything about the ordering of colours
> in the colour table, so everyone does it differently.
Right - but do they do it consistently differently? That is, does program X
_always_ order colors in such-and-such way and program Y in another way? or
if not always the same way, then in similar ways? Using orderings to
communicate information is a good idea, but if the adversary knows what GIF
creator you're supposedly using it may not be.
-David
------------------------------
Subject: Re: How secure is AES ?
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Sun, 08 Apr 2001 05:32:53 GMT
[EMAIL PROTECTED] (Mark Wooding) writes:
> There is a specialized differential attack against Rijndael's
> structure. Even this doesn't work against the complete cipher (although
> it's quite close -- it breaks 8 of the 10 rounds used with a 128-bit
> key).
Not quite - the 8 round attack requires more work than brute forcing a
128-bit or 192-bit key, so it's only applicable to the 256-bit key
version of the cipher, which has 14 rounds.
The best attack against 128-bit Rijndael breaks 7 rounds with 2^120
work and very nearly the entire codebook (2^128 - 2^119 chosen
plaintexts).
Also, it really isn't a differential attack; Stefan Lucks has coined
the term "saturation attack" for this general class of attack.
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
Subject: Re: AES - yet another question :-)
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Sun, 08 Apr 2001 05:32:53 GMT
[EMAIL PROTECTED] (Marc) writes:
> I have one further question if you don't mind. I notice that the
> AES decryption (in software) tends to be slower than the encryption.
> In my particular application I prefer fast decryption and slow
> encryption. Is there any security drawback when I simply swap both
> functions? In other words I plan to _De_crypt() the plaintext to
> get ciphertext, and to _En_crypt() the ciphertext to get plaintext.
> This way I have the speed advantage where I need it, and of course
> I'm not compatible to other AES implementations anymore, but this
> aside - do the AES security evaluations still apply?
This isn't a problem, but have you considered using a chaining mode
like CTR mode for which only the encryption function is needed at
either end?
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 8 Apr 2001 08:24:07 +0200
In article <[EMAIL PROTECTED]>,
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> Another thought. We still have alot of people out of work here
> you could hire some Navahos. And just let them communicate messages
> to and from IRAQ. It worked in WWII.
Yes, it worked in WWII because back then hardly anyone knew Navaho
except the Navaho's themselves. And the situation was similar for
most other Native American languages.
However, this success of "Navaho encryption" during WWII spawned
an interest in Native American langauges among linguists, and since
then these langages have been investigated more than ever before.
Therefore today "Navaho encryption" will be much less secure than
it was during WWII.
Finally: since the security of "Navaho encryption" is based on
"securty by obscurity" (it relies on knowledge of the "encryption
algorithm", i.e. the Navaho language, not being known), it's a bad
idea solely because of that reason. The communication in Navaho
can be recorded and later be translated by some Navaho expert.
Remember that in crypto, the secret should be in the key only,
not in the algorithm. "Navaho encryption" has all its secret in
the algorithm (the Navaho language), and there isn't even any
key since there is only one Navaho langauge (I presume).
=================================================================
Enigma, Navaho and other WWII encryption techniques would not be
secure today.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: GIF is bad
Date: Sun, 08 Apr 2001 09:42:32 +0200
Gil Adamson wrote:
> Hello, All - thanks for the replies to my message.
>
> I'm delighted to have been named as an honorary member of the
> GCHQ/NSA/CIA, etc. :-)
Actually, some small or incompetent services, who have an native english
speaker on their payroll, might employ the USENET to do their technical
research :-)
Looking at the one-time pad discussions, I sometimes suspect some disinfo
in this NG...
>
> I was thinking that successful attacks on steganographic GIFs would
> occur in one of two ways:
Don't know about BMP, but the very idea of GIF to have a (relatively)
small number of colours seems to make it a very bad choice for
steganography. The easiest approach for stegano is to hide the information
in *physical noise*. For this approach to work, there must be significant
redundancy in the signal. This means that optimized image formats (which
do not contain a lot of noise) are a bad idea.
Still, there might be approaches to hide in the "randomness" of the
images' payload (like non-local distortions of colour and geometry), but
then the Mk1 Eyeball might be applied..
A final legal note: The UK requires everybody under HM jurisdiction to
hand over keys (and they will definitely interpret stegano as crypto) on
the request of the Police. If you fail to do so, you will go to jail for
some time.
If the UK has such drastic laws, why should a third-world dictatorship not
have the same laws/customs ? Better let at least their police read *all*
of your communications. Use PGP overtly and hand over the secret keys to
their police. From a legal point of view they might be as much entitled to
that as Scotland Yard is.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 8 Apr 2001 07:50:58 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
David A Molnar wrote:
>There *is* a theory of steganography developing (I'm indebted to Doug Gwyn
>for pointing this out to me a while back in a sci.crypt thread) which tries
>to make statements about an adversary's ability to distinguish a message with
>a stego'd message in it from one which does not. You can even try to prove
>things like "if factoring is hard, then no probabilistic polytime adversary
>will be able to tell if a message exists with probability better than 1/2 +
>neg(k), where neg(k) is less than 1/2^k for a security parameter k."
The main problem with such models, IMHO, is that all such results
have an extra condition: They require that the system designer knows
the probability distribution on covertexts as thoroughly as the
cryptanalyst. (Otherwise, ciphertexts might be indistinguishable
from the wrong probability distribution.) And, in practice, it
seems to be very difficult to know whether you've met this requirement.
And, of course, there's the issue of active attacks by the warden.
I'm reminded of the anecdote of the WWII censors who, faced with a
shipment of watches and concerned that the direction of the hour hands
might be concealing a hidden message, foiled any would-be spies by
randomizing all the watch hands. That's a clever solution!
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: patent issue
Date: Sun, 08 Apr 2001 07:54:03 GMT
Tom St Denis wrote:
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote ...
> > ? Did I mention money? And anyway, what do you have against
> > someone *earning* his keep by inventing useful stuff?
> So you need money to be fulfilled?
How did you manage to get accepted into college with such poor
reading comprehension skills?
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 09:52:50 +0200
>
>
> Enigma, Navaho and other WWII encryption techniques would not be
> secure today.
That's an over-generalized statement. OTP properly applied in WW2 will
be secure forever, and eben some WW2 hand-codes might still be secure.
Also, the doctrine "security by obscurity is bad" might not be so true.
Look at DES or RC4: All spooks around the world had now quite some time
to look at those very interesting targets. One could argue that this
long period of cryptanalysis might have produced new methods, which are
specifically useful against those ciphers. I am pretty sure a future
generation will look at (3)DES and RC4 in the same way we look at Enigma
today :-)
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: GIF is bad
Date: 08 Apr 2001 01:00:48 -0700
Actually, using GIF to mail digital photos around is suspicious all by
itself. GIF is ok for some kinds of line graphics, but for photos just
about everyone these days uses JPEG.
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Partitionize issues
Date: Sun, 08 Apr 2001 10:17:28 +0200
Paul Rubin wrote:
> Actually, using GIF to mail digital photos around is suspicious all by
> itself. GIF is ok for some kinds of line graphics, but for photos just
> about everyone these days uses JPEG.
It would be easier to "partitionize" the discussion to traffic analysis
and image/sound stegano. These two issues can be discussed quite
independently. Techniques for defeating traffic analysis are already
well-known, image/sound stegano not so much.
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: JPEG also problematic
Date: Sun, 08 Apr 2001 10:27:10 +0200
JPEG attempts to do some sophisticated frequency-domain (lossy)
compression. This means that images have quite typical (visible, statistic
and frequency-domain) characteristics. If bandwith is not a problem, I
would just use images/sound samples with a very high amplitude resolution
(24 or 32 bit). Of course, the amount of noise and its characteristics (in
various domains) would have to be carefully analyzed. The information to
be embedded would have to be carefully encoded to have similar statistic,
frequency domain and eyeball-visible characteristics. And here the
cat-and-mouse game starts: There are an infinite number of transformation
domains and statistical tests "to be discovered". Whoever has the most and
best math/signals analysis gurus will win..
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: JPEG also problematic
Date: Sun, 08 Apr 2001 10:34:52 +0200
Regarding the BinLaden wackos: No, I do not think it is irresponsible to
discuss stegano techniques on the usenet. If BinLaden's intelligence
department lurks on the usenet, they will inevitably be infected by the
devilish ideas of tolerance, fierce discussion and the power of intellectual
diversity :-)
------------------------------
From: [EMAIL PROTECTED] (Joe H Acker)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 8 Apr 2001 13:28:06 +0200
As far as I've read about it (can't find the link anymore, sorry),
current steganographic tools that are publicly available fail miserably.
Especially, they allow your adversary to *proof* that you have hidden a
secret message. Good steganography should make this as hard as possible.
Also, current steganographic tools can be detected automatically.
I'm just an amateur, but I'd say there need to be at least the following
principles for good stego:
(1) the secret message must be encoded as a possible sequence of
redundant bits of the stego channel (basic steganographic principle)
(2a) all possible sequences of redundant bits of the stego channel can
be a secret message with exactly the probability they can occur without
encoding any secret message (maximum steganographic confusion)
(2b) any secret message should be spread as randomly as possible over
the chosen sequence of redundant bits of the stego channel (maximum
steganographic diffusion)
Problems: The possible sequences of redundant bits do not necessarily
need to have the same statistical properties even when compared to
themselves. This can make it hard to find a general algorithm for (1)
and (2a). Also, I think (2a) and (2b) require a key.
In practise, I'd say that even principle (1) is not respected by most
implementations. It's easy to find an algorithm when the possible
sequences of redundant bits are random (like when a channel has white
background noise that is random and you can use this for hiding your
message). Unfortunately, usually the possible redundant sequences of
bits are not random at all. Also, (1) and (2a) must be optimal in order
to make proof of the existence of a stego message without the key
impossible. However, I'm not sure wether principle (2b) is necessary at
all, it just seems reasonable given the assumption that any practical
solution of (1) and (2a) aren't optimal.
So no, don't use any publicly available steganography tools in real
world situations.
Regards,
Erich
------------------------------
From: H C <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 07:43:58 -0400
> > > It seems you are posting from UK. If you do anything Her Majesty's govt.
> > > doesn't like, I would also not expect stegano to get a additional security
> > > :-) GCHQ and NSA can be considered a *single* organization...
> >
> > by whom?
>
> By every entity outside the WASP (White Anglo Saxon Protestant) community.
Really? And you speak for every such entity?
Which entities are these? Do they have names, in much the same way you have named
"WASP"?
> Sure, sometimes the english and the US govt have different interests (e.g. Suez
> canal crisis), but these are *very* seldom occasions.
Vague generalities used to support a universal statement...very tricky stuff, that.
Has a way of falling apart.
> they
> are also "racially and culturally" (sorry for being so blunt) integrated.
Ah, the crux of the matter is easily reached...
> Taking into account that the roots of US, Canadian (Quebec doesn't count),
> Australian and NZ culture is England, this is just natural. This "virtual
> english nation" is reflected in the extremely close cooperation of their
> intelligence services, with ECHELON just mirroring this on the technical level.
Your "virtual english nation" has some rather interesting beginnings, doesn't?
Australia
was originally a penal colony, and the Yanks handed the Brits a 200+ year
"whoop-ass".
Further, the US was hesitant to engage in WWII, even as the British were on the
brink
of collapse. I fail to see the "virtual english nation" being born in either case.
------------------------------
From: H C <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 07:46:14 -0400
> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> > Another thought. We still have alot of people out of work here
> > you could hire some Navahos. And just let them communicate messages
> > to and from IRAQ. It worked in WWII. I doubt he has anyone there
> > fluent in it. Or pick some other small indian tribe to hire workers.
Won't work...traffic analysis issue arises again.
> Or they could hire some pimply American teenage geeks and have them
> communicate in 31337 h4x0r-5p33k.
That'll work. Especially if you hire disparate "gangs"...like the group
of kiddies that
uses a default install of RH Linux can transmit, and the group that uses
Windoze can
receive...
------------------------------
From: H C <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 07:48:20 -0400
> OK. If you can hide it in the pictures seen on cnn.com, maybe this works.
> If you have a site which is only visited by people whose only intention is to
> download covertext...
CNN had an article not too long ago about bin Laden using encryption and stego'd
images to communicate with cells. They used images at porn sites to communicate.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: patent issue
Date: Sun, 08 Apr 2001 12:09:35 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote ...
> > > ? Did I mention money? And anyway, what do you have against
> > > someone *earning* his keep by inventing useful stuff?
> > So you need money to be fulfilled?
>
> How did you manage to get accepted into college with such poor
> reading comprehension skills?
I'm sorry what does "earning his keep" mean?
Anyways this is OT, just read this reply, laugh, cry, think about the good
times and get on with life. I was just ranting anyways it's nothing
personal.
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
