Re: FC: Hollywood wants to plug analog hole, regulate A-D converters
Peter Trei writes: My mind has been boggled, my flabbers have been ghasted. In the name of protecting their business model, the MPAA proposes that every analog/digital (A/D) converter - one of the most basic of chips - be required to check for US government mandated copyright flags. Quite aside from increasing the cost and complexity of the devices many, manyfold, it eliminates the ability of the US to compete in the world electronics market. This is absurd. In all the commentary on this issue, no one has made the obvious point that the MPAA has no interest or intention in putting watermark detectors into every ADC chip! They don't care about the ADC chip in a digital thermometer or even a cell phone. All they care about are things like PC video capture cards, which are high fidelty consumer devices capable of digitizing copyright protected content. Their white paper is a brief summary of their goals and intentions and does not go into full technical detail. But let's use a little common sense here, folks. It's pointless to try to shoot down this proposal by raising all these horror stories about ADC chips in industrial and technical devices being crippled by a watermark detector which will never be activated. If you waste time developing this line of argument, you will be left with nothing to say when the actual bill focuses only on the specific devices that the content holders are worried about. And sure, a sufficiently talented electrical engineer can produce a custom board to do non-watermark-aware ADC, and digitize TV shows and music. The MPAA has to accept that such activity will continue to go on at a low level. They just want to make sure that consumer devices are not sold that enable every customer to make easy digital copies of copyrighted data based on an analog source, as they can now with the Replay DVR. Please, let's use some common sense and not go overboard with an obviously mistaken interpretation of the MPAA's intentions. That wastes everyone's time.
Re: When encryption is also authentication...
I concur. The problem is that the most prevalent e-mail program (Outlook) requires no user intervention as a default when signing and/or encrypting a message with S/MIME. One can override the default to High Security (requiring password) only while the X.509 certificate is being installed. I also agree that alternative authorization mechanisms (or combination thereof) are entirely appropriate: smartcards, flashcards, biometric readers, magnetic strips, bar codes, etc. Different schemes will work provided the hardware is available and adequate authentication can be assured. Curt --- David Howe [EMAIL PROTECTED] wrote: Partially agreed - a user doesn't have to know *how* it works, but must have to take a positive step (eg, type in a password, answer yes to a are you really sure you want to do this message, that sort of thing) for it to be binding under most e-sig legislation. However, the law of contract assumes every dotted i and crossed t is read and fully understood to the full measure of the law. Enough people get caught out this way each year (they find the contract they signed isn't what they negotiated but (eg) binds them to a full term of service (say, two years) when they wanted a three month trial... There is a balance to be had here. it should be impossible for a random user to walk up to their powered off pc, power it on, then sign a document. It should be extremely difficult for a random user to walk up to a pc that has been left logged on (but which hasn't been used to sign documents for five minutes or so) and sign a document; it should be easy for the user to sign a large number of documents in rapid succession, without having to type in a complex password every single time. If this involves remembering the password for a specified idle time, or using a smartcard to auth (rather than a manual password or in addition) that the user can remove when he takes a coffee break then fine - but whatever you do must almost certainly use no other hardware than is already fitted to the machine, so a usb dongle could be ok for a home user but a credit-card style smartcard almost certainly won't be (although if anyone knows a decent floppy-adaptor for smartcards, I would love to know about it) = Curt end eof
Re: Forward-secure public-key encryption eprint
David Hopwood writes: Forward-secure public-key encryption has been discussed here, on sci.crypt, and elsewhere. To recap - the goal is that an adversary who breaks into your computer today can't read messages sent/received yesterday. In the interactive case, you use ephermal Diffie-Hellman. The non-interactive case is more complicated and has had some ideas considered by Ross Anderson, Adam Back, and David Hopwood (among others). Cypherpunks relevance: forward security is nice for remailers. Anyway, there's a new eprint up which shows how to construct such a scheme starting from an ID-based encryption scheme by Boneh + Franklin. A Forward-Secure Public-Key Encryption Scheme Jonathan Katz http://eprint.iacr.org/2002/060/ It's worth noting that the scheme this is based on has code available. http://crypto.stanford.edu/ibe/download.html Adam Back noted several years ago that identity-based encryption systems could be converted into forward-secure PK encryption methods. At the time it did not appear that any of the identity-based encryption systems were very secure. In the past few years a number of cryptographic results have been achieved by using the Weil and Tate pairings, which are mappings among groups associated with supersingular elliptic curves. These mappings have special mathematical properties which give a new slant to a number of cryptographic problems. For example it can be shown that in the appropriate group, the Decision Diffie-Hellman problem is easy while the Diffie-Hellman problem is still thought to be hard. On coderpunks this was discussed as a possible approach to ecash. The Weil pairing can also be used to create short signatures, only 20 bytes long for the same security as a DSA sig taking 40 bytes. At Crypto 2001, Boneh and Franklin showed how to use the Weil pairing to create an identity based PK system. Unlike earlier constructions, this one seems to have a good security margin. Following Adam Back's earlier idea, this means a forward-secure PKCS can be constructed, and the new paper does so, using the Weil and Tate pairings. One concern is that these mathematical techniques are new in cryptography and so it is possible that new attacks will be found against them. While the underlying math is old, the specific application is new and so weaknesses may still be discovered. Another problem is that the math is really advanced and not many implementors or users are likely to understand it very well. Sure we've got a library but the kind of people who want forward security would like to understand the principles a little better.
Re: FC: Hollywood wants to plug analog hole, regulate A-D converters
At 06:20 AM 5/30/2002 +0200, Nomen Nescio wrote: Peter Trei writes: My mind has been boggled, my flabbers have been ghasted. In the name of protecting their business model, the MPAA proposes that every analog/digital (A/D) converter - one of the most basic of chips - be required to check for US government mandated copyright flags. Quite aside from increasing the cost and complexity of the devices many, manyfold, it eliminates the ability of the US to compete in the world electronics market. This is absurd. In all the commentary on this issue, no one has made the obvious point that the MPAA has no interest or intention in putting watermark detectors into every ADC chip! They don't care about the ADC chip in a digital thermometer or even a cell phone. All they care about are things like PC video capture cards, which are high fidelty consumer devices capable of digitizing copyright protected content. But that also means it could block sale of analog test instruments, such as programmable PC-based spectrum analyzers. steve
Re: When encryption is also authentication...
SSL for commerce is readily in place without batting an eyelid these days. Costs are still way too high. This won't change until browsers are shipped that treat self-signed certs as being valid. Unfortunately, browser manufacturers believe in cert-ware for a variety of non-security reasons. Hopefully, one day the independant browser manufacturers will ship browsers that show a different icon for self- certs, rather than annoy the user with mindless security warnings. Then, we can expect a massive increase in secure browsing as sites start defaulting to self-signed certs, and a consequent massive increase in security, as well as a follow-on massive increase in the sale of certs. Unfortunately, we probably won't see an enhanced market for CA certs until Verisign goes broke. However, I'd be interested to know just how many users out there would enter their card details on an unprotected site, despite the unclosed padlocks and the alert boxes. Huge numbers of them. You won't see it in security lists, but most of your average people out there do not understand the significance of the padlock, and when merchants request credit card numbers, they quietly forget to tell them. And, in a lot of cases, credit card details are shipped over cleartext email rather than browsers. Many of these merchants have card-holder-present agreements, the restrictions of which, they just ignore. Commerce being what commerce is, it is more important to get the sale than deal with some obscure security nonsense that doesn't make sense. Have security fears and paranoia been abated by widespread crypto to the point whereby users will happily transmit private data, whether encrypted or nay, just because they *perceive* the threat to now be minimal? Now that the media has grown tired of yet-another-credit-card-hack story? Much of today's body of (OECD) net users don't read the news about the net and don't understand the debate, nor can they make sense of how to protect themselves from a site that is hacked... Three or four years back, much of the body of the net was still technically advanced and capable of understanding the fallacious security arguments. These days, perversely, the users are better able to evaluate the security risks, because they don't understand the arguments, so they look to the actual experience, which provides no warnings. Pointers to any evidence/research into this much appreciated... ta. Unfortunately, real data is being kept back by the credit card majors. It is my contention that there has never been a case of sniffed-credit-card-abuse, and nobody I've ever talked to in the credit card world has ever been able to change that. On the whole, all net-related credit card fraud is to do with other factors: mass thefts from hacked databases, fraudulent merchant gatherings, fear-of- wife revocations, etc. Nothing, ever, to do with on-the-wire security. -- iang
Re: sources on steganography
Why would I be interested in fool[ing] [you]. All I asked was for some help with sources. If you cannot be of help, at least don't be a hindrance. Besides, don't claim to speak for others. If envy is what drives you, then I suggest that you work on that. hr On Wed, 29 May 2002, Morlock Elloi wrote: I am writing my dissertation on steganography. Basically I'm writing a ^ ^ ^ ^ ^ You can't fool us. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
Re: When encryption is also authentication...
Mike Rosing [EMAIL PROTECTED] wrote: Having it be transparent where the user doesn't need to know anything about how it works does not have to destroy the effectiveness of digital signatures or crypto. When people sign a document they don't know all the ramifications because few bother to read all of any document they sign - most of it won't apply as long as you keep your part of the bargin, so why bother? Partially agreed - a user doesn't have to know *how* it works, but must have to take a positive step (eg, type in a password, answer yes to a are you really sure you want to do this message, that sort of thing) for it to be binding under most e-sig legislation. However, the law of contract assumes every dotted i and crossed t is read and fully understood to the full measure of the law. Enough people get caught out this way each year (they find the contract they signed isn't what they negotiated but (eg) binds them to a full term of service (say, two years) when they wanted a three month trial... There is a balance to be had here. it should be impossible for a random user to walk up to their powered off pc, power it on, then sign a document. It should be extremely difficult for a random user to walk up to a pc that has been left logged on (but which hasn't been used to sign documents for five minutes or so) and sign a document; it should be easy for the user to sign a large number of documents in rapid succession, without having to type in a complex password every single time. If this involves remembering the password for a specified idle time, or using a smartcard to auth (rather than a manual password or in addition) that the user can remove when he takes a coffee break then fine - but whatever you do must almost certainly use no other hardware than is already fitted to the machine, so a usb dongle could be ok for a home user but a credit-card style smartcard almost certainly won't be (although if anyone knows a decent floppy-adaptor for smartcards, I would love to know about it)
Re: sources on steganography
Hector Rosario wrote: Why would I be interested in fool[ing] [you]. All I asked was for some ^ ^^ ^ help with sources. If you cannot be of help, at least don't be a ^ ^ ^ hindrance. Besides, don't claim to speak for others. If envy is what ^^ ^ drives you, then I suggest that you work on that. ^ ^ ^^ -- Steve FurlongComputer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking
Re: sources on steganography
Hector Rosario wrote: Why would I be interested in fool[ing] [you]. All I asked was for some help with sources. If you cannot be of help, at least don't be a hindrance. Besides, don't claim to speak for others. If envy is what drives you, then I suggest that you work on that. hr On Wed, 29 May 2002, Morlock Elloi wrote: I am writing my dissertation on steganography. Basically I'm writing a ^ ^ ^ ^ ^ You can't fool us. ...or I am storb. for the proportionally-gifted.
Re: sources on steganography
At 11:19 AM -0400 5/29/02, Hector Rosario wrote: I am writing my dissertation on steganography. Basically I'm writing a technical monograph that would be of use to undergraduate instructors. What do you think are the best sources on steganography on the Web? What about books other than Johnson, Katzenbeiser Peticolas, and the volumes covering the four international workshops on information hiding. I know that my book, _Disappearing Cryptography_, is being used as a textbook in a few schools. It's a bit broader than the others because it uses a more inclusive view of the topic. You can read a bit more here: http://www.wayner.org/books/discrypt2/ The book on Watermarking by Cox et al is also very nice, although very focused and very detailed. -Peter
Re: Forward-secure public-key encryption eprint
On Thu, 30 May 2002, Anonymous wrote: David Hopwood writes: Did I miss a separate message in which David Hopwood followed up to my post? Cypherpunks is more reliable for me than it used to be, but it's not always all there. math is really advanced and not many implementors or users are likely to understand it very well. Sure we've got a library but the kind of people who want forward security would like to understand the principles a little better. Thanks for the detailed summary! Even if the system may not be ready for prime time, I think it may still be worth looking at it and following future developments. -David
Re: sources on steganography
I AM OSAMA Good one !!! lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hector Rosario Sent: Thursday, May 30, 2002 8:42 AM To: Morlock Elloi Cc: [EMAIL PROTECTED] Subject: Re: sources on steganography Why would I be interested in fool[ing] [you]. All I asked was for some help with sources. If you cannot be of help, at least don't be a hindrance. Besides, don't claim to speak for others. If envy is what drives you, then I suggest that you work on that. hr On Wed, 29 May 2002, Morlock Elloi wrote: I am writing my dissertation on steganography. Basically I'm writing a ^ ^ ^ ^ ^ You can't fool us. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
Re: When encryption is also authentication...
Ian Grigg wrote: [...] SSL for commerce is readily in place without batting an eyelid these days. Costs are still way too high. This won't change until browsers are shipped that treat self-signed certs as being valid. Unfortunately, browser manufacturers believe in cert-ware for a variety of non-security reasons. [...] Self signed certs defeat the purpose of the certificate chain mechanism, which is not just there to make Veri$ign rich. Mallory can self-sign a cert for bob.com, and hack Alice's DNS to point bob.com at her own site. But it's (theoretically, anyway) much more difficult for her to convince Verisign that she owns bob.com. If we trust Verisign to do that, then we know we're really talking to Bob when we visit bob.com. Now, the ability to add other CAs which we trust would be a nice feature, and if there were more trustworthy CAs which were added to the browsers by default, we could get the costs down closer to the actual overhead of verifying that the supplicant (er, applicant) actually owns the domain he's trying to get a cert for. But anyone can certify themselves as owning amazon.com, and it's critical that my browser tell me when some stranger makes such an assertion on their own. -J
No law re electronic contracting?
At 01:52 PM 5/30/2002 -0400, Steve Furlong wrote: Summary: Recent laws have attempted to make electronic contracting binding, but they have not addressed some of the fundamental principles of contract law. These fundamental principles are often stretched or broken in electronic contracting. There is no case law on electronic contracts. I suspect that a contested electronic contract would be easily voided. Nope. Back to the books for you. Here's a three-letter hint about the enforceability of electronic contracts - EDI. Also, take a look at these Internet-related cases - _Caspi v. The Microsoft Network LLC_, 323 N.J. Super. 118, 732 A.2d 528 (N.J. Super. Ct. App. Div. 1999) (at http://legal.web.aol.com/decisions/dlother/caspi.html) _Hotmail Corp. v. Van$ Money Pie_, 1998 U.S. Dist. LEXIS 10729; 47 U.S.P.Q.2D 1020 (N.D. Cal. 1998) (No. C98-20064 JW) (at http://eon.law.harvard.edu/property00/alternatives/hotmail.html) _Groff v. America Online_ 1998 WL 307001 (R.I. Super. Ct. May 27, 1998) (at http://legal.web.aol.com/decisions/dlother/groff.html) _Specht v. Netscape_ 150 F. Supp. 2d 585 (S.D.N.Y 2001) (at http://www.nysd.uscourts.gov/courtweb/pdf/D02NYSC/01-07482.PDF) You might find _Law of the Internet_, Lexis Law Pub (2001) of interest. -- Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961
Re: When encryption is also authentication...
Mike Rosing wrote: On Thu, 30 May 2002, cypherpunk_reader wrote: If the end user insists on e-signing a document without having read it it is there perogative, but I think there should be a better system in place to insure that they either read it or that they did not read it but agree anyway. I don't think so. If they are fool enough to sign a document without reading it, it's the same as using a pen to sign a contract without reading it. ... An e-signature can have the same weight in law as an ink one, and the same rules apply. A fool and their money are soon parted. Here's my analysis of the current situation regarding electronic signatures in the United States. The following few paragraphs are the way things are as I see them, not necessarily how they should be. An e-signature in this situation would indicate assent to a contract. One of the key points to forming a valid contract is a meeting of minds between the parties. Another is authentication that the alleged contracting party was actually the person who agreed to the contract. Meeting of minds includes knowing, understanding, and agreeing to the terms of the putative contract. With paper contracts, even lengthy ones, knowledge and understanding are assumed if certain conventions are met, such as font size and emphasis of important terms, as well as opportunity to read the contract thoroughly. And the contracting party is assumed to be able to take the contract to a lawyer if he's uncertain about any part of it. Many electronic agreements fail on one or more of these points. These contracts are often very lengthy, the equivalent of several pages of printout, and are often viewed only through a very small window, and often have small or otherwise illegible fonts. In paper, this would be similar to a five-page contract being written out on post-its, with only one visible at a time. Many of the agreements cannot be printed out, which interferes with both reading and obtaining expert advice. The situation is made even worse by the mingling of technical jargon with the legal jargon; many software-related contracts are even less intellegible than other contracts. Meeting of minds is questionable under these circumstances. Authentication is similarly problematic. Ordinary contracts are commonly agreed to in person or with signatures. Electronic contracts are commonly agreed to with one or two mouse clicks. There is nothing to indicate that the signer was the person he alleged to be. Some laws (see below) attempt to make this irrelevant, essentially saying that if your computer agreed, you agreed, but this is unlikely to stand up in court on basic principles. I was unable to find any US case law (court cases which went to trial and verdict, and which were written up for publication) on this subject. Bear in mind that I no longer have access to Lexis or Westlaw, but google and such can usually find relevent cases. I suspect that there are no reported cases hinging on electronic signatures. This isn't surprising, because the oldest electronic signature law is less than six years old, and that's probably not enough time for a problem to have arisen, been litigated, been appealed, and been written up. The e-sign law of 2000 doesn't provide much help. It states simply that a contract may not be denied solely because it was electronically signed. Furthermore, it applies only to interstate and international contracts. (Though most electronic contracts for, eg, downloaded software will be interstate or international.) It doesn't provide standards or guidance for what makes a valid electronic contract. The Uniform Electronic Transactions Act (UETA) is a model law which about half of the states have enacted. Some, maybe most, of these states have modified UETA before passing it. It's not clear how this affects contracts in which only one party is in a UETA state. UETA says that an electronic record fulfills any requirements for a written contract document and that an electronic signature fulfills any requirement for a signature on the contract, and it outlines what constitutes an electronic record and an electronic signature. Interestingly, UETA states that an agent, meaning a program, can fulfill the requirements for a signature, even without human participation. See http://www.ladas.com/BULLETINS/2002/0202Bulletin/USElectronicSignature.html for a decent summary, and http://www.uetaonline.com/ for more detail. Summary: Recent laws have attempted to make electronic contracting binding, but they have not addressed some of the fundamental principles of contract law. These fundamental principles are often stretched or broken in electronic contracting. There is no case law on electronic contracts. I suspect that a contested electronic contract would be easily voided. OK, that's the way I think it is, currently in the US. The way I think it _should_ be is much more caveat emptor, as Dr Mike and others have said, but the legislators
Re: sources on steganography
Why would I be interested in fool[ing] [you]. All I asked was for some help with sources. If you cannot be of help, at least don't be a I think that perception and sense of humour are sort of required for crypto work. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
Re: When encryption is also authentication...
Hi However, I'd be interested to know just how many users out there would enter their card details on an unprotected site, despite the unclosed padlocks and the alert boxes. ( 02.05.30 08:34 -0400 ) Ian Grigg: Huge numbers of them. You won't see it in security lists, but most of your average people out there do not understand the significance of the padlock, and when merchants request credit card numbers, they quietly forget to tell them. And even if they tried, network security is too arcane of a subject matter for them to care about. They just want that big dildo [or whatever it is that they're ordering]. One online merchant I know put big padlock .gifs on the site to reassure users that their transactions were secure. The padlocks on the browsers were there, but they weren't as reassuring to the customers as the images. -- \js evolve real-time metrics
Re: Making Veri$ign rich(er)
On Thu, 30 May 2002, Ian Grigg wrote: [...] And, in practice this is how it goes. No thief ever bothers to do an MITM, even over *un*encrypted traffic. They simply hack into the machines and steal it all. That's why there has never been a case of CCs sniffed over the net and being used to commit a fraud (at least, no recorded ones). Change the analysis to small merchants, and it is even worse (of course Amazon will have a cert, so even its rich bounty is unavailable, you have to do this on small merchants). So, how do we make Veri$ign richer? Easy, switch browsers to accepting self-signed certs. To see this, we have to have tried or heard about small enterprises who have tried to set up their SSL certs. [...] If MITM attacks are so hard that you don't consider them a threat, why bother with SSL at all? SSL provides two things: * A certificate chain that demonstrates who you're talking to * Secrecy and message integrity between you and the person you're talking to You remove the first benefit by using self-signed certs. The second one is still nice, but if you're worried about me *watching* your traffic, shouldn't you also be worried about me intercepting your DNS lookup and replacing the response with my own IP? If we all use self-signed certs, you'll never be the wiser. Yes, the attack you describe where I get the root nameservers to redirect *all* amazon.com traffic to me is hard. And it can be pretty tough to watch and modify an individual user's traffic. But it's not nearly as tough as breaking the crypto behind SSL. If we use it right, that security extends to the domain I type into my browser. If we don't, we reduce it to the hardness of manipulating the wire. I certainly agree that merchants need to use better security on the server end. But that's orthogonal to the SSL issue. -J
F.B.I. Given Broad Authority to Monitor the Public
Get ready for the shit storm. I'm making a list, checking it twice, gonna found who's tree gets watered tonight... F.B.I. Given Broad Authority to Monitor the Public By THE ASSOCIATED PRESS WASHINGTON (AP) -- Attorney General John Ashcroft on Thursday gave the FBI broad new authority to monitor Internet sites, libraries, churches and political organizations, calling restrictions on domestic spying ``a competitive advantage for terrorists.'' http://www.nytimes.com/aponline/national/AP-FBI-Reorganizing.html Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
Re: CDR: Re: sources on steganography
Jesus christ Hector! What the fuck are you planning to be when you grow up? A funeral director or something? Grow a sense of humor for chrissakes. Or get lost, whichever is easier. yeah, I top posted. And my sig is at the bottom. Sue me. On Thu, 30 May 2002, Hector Rosario wrote: Date: Thu, 30 May 2002 09:41:54 -0400 (EDT) From: Hector Rosario [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Morlock Elloi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: CDR: Re: sources on steganography Why would I be interested in fool[ing] [you]. All I asked was for some help with sources. If you cannot be of help, at least don't be a hindrance. Besides, don't claim to speak for others. If envy is what drives you, then I suggest that you work on that. hr On Wed, 29 May 2002, Morlock Elloi wrote: I am writing my dissertation on steganography. Basically I'm writing a ^ ^ ^ ^ ^ You can't fool us. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- Yours, J.A. Terranson [EMAIL PROTECTED] If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
Re: sources on steganography
Peter Wayner has a few books that deal with this and related topics. Search for them on Amazon or wherever. At 11:19 AM 05/29/2002 -0400, you wrote: I am writing my dissertation on steganography. Basically I'm writing a technical monograph that would be of use to undergraduate instructors. What do you think are the best sources on steganography on the Web? What about books other than Johnson, Katzenbeiser Peticolas, and the volumes covering the four international workshops on information hiding. I am also interested in the history of the subject. One major problem with the available sources covering the history (like Kahn) is that they completely disregard China, India, and Arab countries. Any pointers? thanks, hector