[Cryptography] Steganography and bringing encryption to a piece of paper

[Tom Mitchell]

On Fri, Jul 18, 2014 at 9:19 AM, Dave Howe <davehowe.pentesting at gmail.com>
wrote:

>  On 18/07/2014 08:08, Grégory Alvarez wrote:
>
>    Steganography on a piece of paper? A problem with the dictionary
> approach is that the text does not look like a normal letter. The censors
> may not be able to read it, but they can see that the text stands out. A
> phrase like "uncomplimentary threateningly. conceptually secures on
> pockiest" does not look like something you would place in a letter to
> grandma...
>
>>
>  Yes this is a problem I am working on. I have some ideas how to solve it
> but nothing very effective right now. Any suggestions are welcome.
>
> Seen an approach to this that relied on transcribing existing text and
> choosing synonyms for the words such that the original meaning was
> preserved; downside was it was a really low bandwidth channel, with only a
> couple of bits per altered word and not every word capable of being altered
> in a sentence without completely changing the meaning.
>

Interesting.... at first I considered this to be less than ideal but
as soon as I let go of the idea that it must apply universally I
started to think of ways to make it work for me.  Then it was
more interesting.

Two individuals could use it to pass hints to select one of many stronger
codes or pass pass phrases to one time use PGP keys.

In the modern twitter world I can see short but transformed messages
used well.

Business secrets could not be unlocked from a cloud resource without
a short term key.

In a world where you can be compelled to divulge a key, businesses
might need to be a way to have a traveler travel without the key and then
with
a rehearsed phone, text, twitter  Turing test like interaction pass then
using a
tool like this the keys needed are bootstrapped.

Dictionaries could include old or new international code books..... Like:
http://howwethink.nkhayles.com/codebooks/texts/
to improve things.

These old codebooks had a good deal of thought hidden in them
and should not be ignored.  Note that they like any data management
and control system can be used well or badly.

For many Rot13 + compress is sufficient.  But how to make Rot13+compress
and PGP1024bit+compress look the same to a reader.

The meta data issue  for communication is however bigger today.
Static data vs. communication traffic domains need not overlap
and can have different answers.











-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140718/d6567363/attachment.html>