aid worker stego
Dave Howe
DaveHowe at gmx.co.uk
Sat Apr 2 11:14:18 EST 2005
Peter Fairbrother wrote:
> I don't think there is much danger of severe torture, but I don't think
> "innocent-until-proven-guilty" applies either, and suspicion should be
> minimised or avoided.
Depends on what you want to avoid.
Best solution for software is dual-use - 7-zip for file encryption,
standard s/mime capable email software (such as thunderbird or even
outlook express) for pki. However, encrypted emails are *always* going
to stick out like a sore thumb if intercepted, and even the output of
most stego packages will look suspect (unless your aid worker is in the
habit of sending large numbers of digital photos by email. This could be
arranged - get him to take new, original photos of what he sees while
doing his work, use them exactly once for stego, then keep the stegoed
versions around on the hd so that any comparison later will show the
"original" version identical to the intercepted email version.
Probably the best overall solution to this would be a bootable mini-cd;
a mini-linux distro would give a gui, and still leave room for
conventional encryption packages, stego packages and the user's
secret/public keyring, leave no trace on the HD at all (no matter how
good the forensic package), can be hidden in a wallet amongst credit
cards, and can be distroyed trivially by simply scratching off the
printed surface with the back of a key or against a rough surface such
as a wall or stone paving slab (ie, drop it face down, then stand on it
and move foot back and forth until you have an oblong of worthless
plastic and a slightly messy walkway)
assuming stego, you could load digicam photos (either via a driver on
the minicd or via windows, whichever you happen to be using at the time)
not long after they were taken, for later stego purposes, and the space
they use on the digicam reused for more photos before the first set were
used for stego (or again, if in a hurry, just remove and discard the sd
card from the cam)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list