<nettime> "Pirate Utopia," FEED, February 20, 2001

Adam Back adam at cypherspace.org
Sat Sep 22 11:11:08 EDT 2001 

On Fri, Sep 21, 2001 at 06:19:43PM +0100, Adam Back wrote:
> My point was higher level.  These systems are either already broken or
> fragile and very lightly peer reviewed.  There aren't many people
> building and breaking them.

To elaborate on this slightly.  There are inherent reasons why
steganography is harder than encryption: the arms race of hiding data
in noise is based on which side (the hider vs the detecter) has the
best understanding of the characteristics of the host signal.  The
problem is the host signal is not something with clear definition,
what is known is primarily empirical statistical analysis.
Manipulating signals with noise in them to replace noise with the
stego text is not so hard, but knowing and modeling the signal and the
source noise is not a solvable problem.

There will be a never-ended stream of more refined and accurate models
of the signal itself, and biases in the equipment that collects the
signal.  So there will be always a risk that the detecter gets the
edge by marginally more accurately modeling the bias, or finding a
some new bias not modelled by the hider.

> Or, they found existing stego software and evidence of it's use on
> seized equipment or even some 2nd generation, non-publicly available
> stego software on seized equipment.

There have subsequently been news reports claiming the terrorists had
non-publicly available stego software written by their own expert.
This still conflicts with numerous other reports, so it's not clear
what's going on.

But either way none of this would help the signals intelligence
special interest groups arguments to ban steganography, anonymity or
encryption as if anything it would be proof by example of the argument
that terrorists won't have difficulty obtaining software as they can
in the worst case write it from scratch.

Adam



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list