[Gllug] news mirror sites
mute8 at mutantswarm.org
Fri Jul 2 17:28:10 UTC 2004
>> Steganography is too weak.
> Practical arguments and implementation details aside for a moment, I've
> seen no evidence that steganography would not be adequate for the task,
> and a blanket assertion like that about the technology as a whole doesn't
> really hold water without some backup.
Sorry, that's a failing on my part - I was too tired to expand on the
issue at length at the time.
To quote Bruce Schneier:-
"...I've seen steganography recommended for secret communications in
where the simple act of sending an encrypted e-mail could be considered
This is bad advice. The threat model assumes that you are under suspicion
and want to look innocent in the face of an investigation. This is hard.
You are going to be using a steganography program that is available to
your eavesdropper. He will have a copy. He will be on the alert for
steganographic messages. Don't use the sample image that came with the
program when you downloaded it; your eavesdropper will quickly recognize
that one. Don't use the same image over and over again; your eavesdropper
will look for the differences between that indicate the hidden message.
Don't use an image that you've downloaded from the net; your eavesdropper
can easily compare the image you're sending with the reference image you
downloaded. (You can assume he monitored the download, or that he
searched the net and found the same image.) And you'd better have a damn
good cover story to explain why you're sending images back and forth. And
that cover story should exist before you start sending steganographic
messages, and afterwards. Or you haven't really gained
While I don't agree with all of his assumptions, the main thrust of his
argument is valid IMO.
To make steganography a protocol strong enough for the proposed use
requires a degree of sophistication on the part of the communicating
parties at least equal to that of the putative cracker, and the knowledge
and discipline required to be aware of, and to
problems - through careful moderation of your sending behaviour, for
instance. It would be essential to educate the communicating parties of
the pitfalls of the
See below for my comments on that.
>> As it stands we are talking about a security protocol that, if breached,
>> could mean the difference between life and death for the receiver.
> Historically, far weaker protocols have been used for exactly this. At
> the end of the day, it is the choice of the user as to whether a
> specific arrangement is "secure enough" to warrant taking the risk. All
> we could do is offer advice and estimate risk.
Yes, but to protect the communicating parties, the "choice of the user"
be an _informed_ choice. Which brings us to the question of how to supply
information to _make_ an informed choice. I'm making an assumption here -
accessing information regarding secure information transfer methods would
suspicious enough to get the end user arrested. Chicken and Egg.
>> I really don't think any of us are capable of taking on that
>> responsibility. Let's face it - we are not the people to be
>> implementing a
>> solution to China's access problems. This needs a concerted effort in
>> diplomatic circles, and there is a reason that that effort has not yet
>> been made.
> That really isn't a good argument. Advocating inaction because you
> believe there are people better placed than you who are doing nothing
> simply becomes something of a self fulfilling prophecy. When everyone
> thinks like that, no-one ever does anything. I'm not necessarily saying
> that members of GLLUG ought to assist here, but I do believe that your
> reasoning as to why they should not is fallacious.
I'm not advocating inaction - I'm advocating a concerted diplomatic
effort. I'm rather afraid though that while China remains a thriving
opportunity for foreign
foreign powers with commercial interests in China will be unwilling to
rock the boat - at least until the matter attains a higher priority (by
becoming an
I'm a fervent advocate of direct action, but where a robust, tested,
process for dealing with problems such as these exists, it would seem
foolish to not try that route first - at least in concert with other,
individual efforts.
I believe it to be our responsibility to raise the profile of the issue
with our own governments, and persuade them to apply diplomatic pressure.
In some way we need to make the prospect of deregulation attractive to
the Chinese government. There is a recent precedent - the trade
deregulation I mentioned earlier - and our own investment in China gives
us an amount of leverage at the very least in this direction.
This is assuming, of course, that we have the right to interfere in the
workings of a foreign sovereign state - a tricky position at best,
events of the last two years.
>> It really helps if you don't upset more than one government at a time.
> Surely upsetting governments comes down to what principles people are
> prepared to stand up for? Would you advocate not worrying about freedom
> of speech if you were up against more than one government? Come to think
> of it, given the situation on China, isn't that exactly what you are
No - I was talking about upsetting your _own_ government as well as the
government. No government I know would allow development of a secure,
method of information transfer - at the very least on the grounds of
Think back to the furore over PGP caused by the NSA in the US - the
subsequent advocation of escrow keys, mandatory backdoors and
deliberately weakened encryption methods that followed.
>> Still - if anyone has any half-sane ideas, I'm open to suggestions.
> There are a number of technical solutions, some of which have already
> been put forward. They are quite possibly "good enough" to prevent
> someone seeing what's being done. However, in a police state, it isn't
> necessary to prove guilt - suspicion is ample grounds for execution or
> permanent incarceration. Whether the end users want to run that risk or
> not is another matter.
I wasn't denigrating the ideas - just that regardless of whether a
solution is technically "good enough", that the use of the solution
requires a high level of sophistication by both communicating parties -
in order to make it work plausibly and with the
Even though our communications could be made to appear innocuous in
_content_, it is possible to extrapolate a degree of information from the
_pattern_ of communications - enough to alert the authorities that
something is amiss.
Confounding this sort of signals intelligence requires a great deal of
planning and creativity. You need to establish a "control" pattern of
communication ahead of time, and then fit your illicit activities into
the existing pattern to hide them - and the overall effect still needs to
fall within the acceptable parameters for "innocent" behaviour. This is
not an easy thing to do.
All the best,
Gllug mailing list - Gllug at gllug.org.uk
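
The reference-image comparison described in the Schneier quote above, as an added example that is not part of the original post: given a copy of the cover image and the file that was actually sent, it reports how many samples differ and whether the changes are confined to the least significant bit. The pixel data, the message and the toy `embed_lsb` helper are constructed here only to produce sample input; all function names are hypothetical.

```python
import random

def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Constructed sample generator: write message bits into sample LSBs."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("message too long for cover")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)

def compare_to_reference(reference: bytes, suspect: bytes) -> dict:
    """Diff a suspect image's raw samples against a known reference copy."""
    if len(reference) != len(suspect):
        return {"verdict": "different image", "changed": None,
                "lsb_only": False, "last_changed_index": None}
    # XOR of each differing pair shows which bits were altered.
    diffs = [(i, r ^ s) for i, (r, s) in enumerate(zip(reference, suspect))
             if r != s]
    lsb_only = bool(diffs) and all(x == 1 for _, x in diffs)
    if not diffs:
        verdict = "identical to reference"
    elif lsb_only:
        verdict = "LSB-only changes: consistent with embedded data"
    else:
        verdict = "modified (re-encoded or edited)"
    return {
        "verdict": verdict,
        "changed": len(diffs),
        "lsb_only": lsb_only,
        # Changes clustered at the start bound the payload length in bits.
        "last_changed_index": diffs[-1][0] if diffs else None,
    }

# Constructed sample: 4096 pseudo-random bytes stand in for decoded pixels.
_rng = random.Random(2004)
REFERENCE = bytes(_rng.randrange(256) for _ in range(4096))
SUSPECT = embed_lsb(REFERENCE, b"meet at noon")  # constructed 12-byte message
REPORT = compare_to_reference(REFERENCE, SUSPECT)

if __name__ == "__main__":
    print(REPORT)
```

A few dozen changed samples out of 4096 is invisible to the eye but unmistakable in a diff, which is why reusing a downloadable cover defeats the scheme.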