aid worker stego
Ian G
iang at systemics.com
Tue Mar 29 09:49:46 EST 2005
Peter Fairbrother wrote:
> I've been asked to advise an aid worker about stego. Potential major
> government attacker.
This is the area that cryptorights.org has been
looking at. They were looking at creation of
tools to support aid workers and the like.
(I'm not sure if they are still active though.)
> Any other ideas?
It's a very tricky problem because the details of
Alice's environment and the attacker's methodology
matter a lot. For example, some countries run SSL
proxies and some other countries do not.
If I was the aid worker (by way of example) I would
prepare pgp emails on my laptop, transfer them to
a public machine and email them out that way. And
then scrub the laptop of the email itself. Also,
I'd be inclined to use a one-time-password situation
as seizure of keys and compelled revelation would be
a threat.
But whether that works for every aid worker I doubt,
because it assumes things like ... laptops!
Stego itself is the sort of thing that can make
matters much worse if it is discovered, because it
indicates that you have something to be scared of,
and makes you a target. Better to just routinely
encrypt everything and put in lots of chit chat.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list