aid worker stego

[Dave Howe]

Peter Fairbrother wrote:
> I don't think there is much danger of severe torture, but I don't think
> "innocent-until-proven-guilty" applies either, and suspicion should be
> minimised or avoided.
Depends on what you want to avoid.
Best solution for software is dual-use - 7-zip for file encryption, 
standard s/mime capable email software (such as thunderbird or even 
outlook express) for pki. However, encrypted emails are *always* going 
to stick out like a sore thumb if intercepted, and even the output of 
most stego packages will look suspect (unless your aid worker is in the 
habit of sending large numbers of digital photos by email. This could be 
arranged - get him to take new, original photos of what he sees while 
doing his work, use them exactly once for stego, then keep the stegoed 
versions around on the hd so that any comparison later will show the 
"original" version identical to the intercepted email version.

Probably the best overall solution to this would be a bootable mini-cd; 
a mini-linux distro would give a gui, and still leave room for 
conventional encryption packages, stego packages and the user's 
secret/public keyring, leave no trace on the HD at all (no matter how 
good the forensic package), can be hidden in a wallet amongst credit 
cards, and can be distroyed trivially by simply scratching off the 
printed surface with the back of a key or against a rough surface such 
as a wall or stone paving slab (ie, drop it face down, then stand on it 
and move foot back and forth until you have an oblong of worthless 
plastic and a slightly messy walkway)

assuming stego, you could load digicam photos (either via a driver on 
the minicd or via windows, whichever you happen to be using at the time) 
not long after they were taken, for later stego purposes, and the space 
they use on the digicam reused for more photos before the first set were 
used for stego (or again, if in a hurry, just remove and discard the sd 
card from the cam)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com