Stegdetect 0.4 released and results from USENET search available

David Honig honig at
Sat Dec 29 11:09:07 EST 2001

At 02:47 PM 12/28/01 -0800, Bill Stewart wrote:
>At 01:59 PM 12/28/2001 -0800, David Honig wrote:
>>A.A.M + PGP = covert radio transmitter which sends coded messages.
>>interesting, so you direction-find to defeat the anonymity.
>And Perry replied:
>>[Moderator's note: And how would you possibly do that? --Perry]

Anonymity, like much of crypto or security, is an arms race.  

A radio TX would try bursty sending.  So the DXer must keep his receivers
going all the time.  So the TXer has to move to a different
place each time he sends.  So the DXer needs a larger mesh
of receiver stations and faster response; recording travel (license
plate cams, requiring ID on busses) helps too.  Ultimately the
DXer can do a physical search on everyone.  So the TXer has to embed
the transmitter in his body.  So the DXer has to X-ray everyone, etc.
Faster foxes lead to faster rabbits which lead to faster foxes.

Similarly with "anonymous" IP broadcast.  Place enough surveillance cameras,
subvert enough ISPs/remailers, deploy enough trojans, do enough traffic
analysis, and strong anonymity takes much more effort.  At that point the
effort for stego might have been a good tradeoff.

The point of stego, it seems to me, is to not attract such attention
in the first place.  Although *if* you're already on someone's "Watch List"
there may be little point.

Another example: You could have an encrypted, deniable filesystem with duress
passphrases, etc.  But you still have to deal with Mr. Happy-Fun Customs
Agent who wants to know what kind of naughty bits you're importing.  A
collection of baby pictures requires no explanation, no special flag in the
records that track you.

>So tracing a single transmission may be hard, but tracing an ongoing pattern
>is easier,


> unless there's a trusted Usenet site in some
>country where you don't have jurisdiction problems.

And is out of range of the guided missile which was "accidentally"
mistargeted due to "out of date" maps.  And which doesn't need
to interact with the US financial tentacles.  Which can maybe survive
a physical embargo.  Whose sysop is immune from coercion or bribery.

>That means that A.A.M + PGP is fine for an occasional
>"Attack at Dawn" message, but not necessarily for routine traffic.

Yes --much like a covert radio transmitter.

"Love work, hate domination, and do not let your name come to the attention
of the ruling powers." -Talmud/Sayings of the Fathers



The Cryptography Mailing List