Ben Laurie writes:
> If you want a lot of people to see it, you can't keep it secret. If you
> can't keep it secret, you may as well just come out with it and publish
> the bits without stego.
>
> What did I miss?
It depends on how hostile the regime is. If you want to publish
something but the publishing process itself is risky, you could
publish it stego'd after running it through something pseudo-random,
e.g. the low bits of a particular song. Hmmm.... I think I'm
thinking... my brain is starting to swell... I'm starting to come up with
something.
Just as PGP doesn't use a public key algorithm to encrypt, but instead
to encrypt a private-key-encryption key, you wouldn't use low-bit
stego to hide the data, you'd use it to say which *other* stream of
random bits had been used to exclusive-or the actual encrypted data.
If the set of random (low) bits came from the same type of data
stream, then the statistics would be the same. So you use 1 out of
every 1024 bits to create a number, and the number selects a
particular archived piece of data, and then ... and then....
Sigh. But here we run into security by obscurity. This only works if
the algorithm to select the other audio stream is not published. As
soon as you publish it, someone can de-randomize, or de-color the
data, and see that you have non-statistically-correct data hidden.
What you'd need to do is have an algorithm which takes in a whole big
pile of bits, and depending on the recipient's private key, selects
some of them for decryption. In this manner, you make the problem of
detecting the stego computationally equal to decrypting the data.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
