NSA explains how to redact documents electronically

Steven M. Bellovin smb at cs.columbia.edu
Wed Jan 25 01:53:24 EST 2006

In message <20060125030247.93612.qmail at simone.iecc.com>, John Levine writes:
>>One wonders how long it will be till someone finds an error...
>Even if it's right, it's so complicated that it seems rather
>optimistic to expect people to follow it correctly every time.

I agree.  It's also very dependent on the exact options that Microsoft 
and Adobe have currently implemented.  Minor changes could screw this 
up completely.

>I don't claim to be a big security guru, but if I were planning to
>distribute a redacted PDF document, I'd render it to a bitmap, then
>turn the bitmap back into a PDF and ship that, a digital version of
>printing it out and scanning it back in.  On Unixish systems, one can
>do that in about five minutes with freeware tools like ghostscript and

That's more or less what they did when they declassified Skipjack, 
though they may have used a real printer and scanner instead.  Some 
people laughed at NSA's technical ineptitude -- didn't they know how to 
print to PDF directly?  Others realized that NSA understood the problem 
at a much deeper level.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
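
A check one might run on the output of the bitmap round trip discussed above, added here as an example and not part of the original thread: it inflates each Flate-compressed content stream and reports any text-showing operators that remain. The function name `residual_text` and the two PDF fragments are constructed for illustration.

```python
import re
import zlib

# Assumes flat stream dictionaries and literal (not hex) strings; a smoke test,
# not a full PDF parser.
STREAM = re.compile(rb"<<([^<>]*)>>\s*stream\r?\n")
IMAGE = re.compile(rb"/Subtype\s*/Image")
SHOW = re.compile(rb"\((?:\\.|[^\\()])*\)\s*Tj|\[[^\]]*\]\s*TJ", re.S)
LITERAL = re.compile(rb"\(((?:\\.|[^\\()])*)\)", re.S)


def residual_text(pdf):
    """Return the strings still drawn by text operators in a PDF's content streams."""
    found = []
    for m in STREAM.finditer(pdf):
        dictionary, body = m.group(1), pdf[m.end():]
        if IMAGE.search(dictionary):
            continue  # pixel data, not drawing operators
        if b"/FlateDecode" in dictionary:
            try:
                # decompressobj stops at the end of the zlib stream, ignoring the rest
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                continue
        else:
            body = body.split(b"endstream", 1)[0]
        for op in SHOW.finditer(body):
            found.append(b"".join(LITERAL.findall(op.group(0))).decode("latin-1"))
    return found


def _stream_obj(num, extra, payload):
    data = zlib.compress(payload)
    return (b"%d 0 obj\n<< /Length %d /Filter /FlateDecode%s >>\nstream\n"
            % (num, len(data), extra)) + data + b"\nendstream\nendobj\n"


# Constructed fragment: text drawn, then a filled black rectangle painted over it.
BOXED = _stream_obj(4, b"", b"BT /F1 12 Tf 72 700 Td (Agent: J. Doe) Tj ET\n"
                           b"0 g 70 695 120 16 re f\n")
# Constructed fragment: the same page after a bitmap round trip (one image, no text).
RASTER = _stream_obj(4, b" /Type /XObject /Subtype /Image /Width 8 /Height 8"
                        b" /ColorSpace /DeviceGray /BitsPerComponent 8", bytes(64)) \
    + _stream_obj(5, b"", b"q 612 0 0 792 0 0 cm /Im0 Do Q\n")

if __name__ == "__main__":
    print("boxed :", residual_text(BOXED))
    print("raster:", residual_text(RASTER))
```

An empty result covers only literal strings in plain or Flate-compressed content streams; metadata, annotations, hex strings and object streams need their own checks.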

The Cryptography Mailing List