Slashdot Mirror

← Back to Stories (view on slashdot.org)

What's Now State of the Art in Encryption Technology?

Posted by Cliff on from the keeping-prying-eyes-out-of-your-private-life dept.

With the events of September 11, 2001 still vividly etched into our conscious minds, it was only a matter of time before the US Government would paint the crosshairs on their next target after Bin Laden: encryption. With Ashcroft's declaration of computers as tools of terrorism, and law-enforcement pushing for enhanced surveillance, it appears that one of the first victims of America's new war may be the privacy of her citizens. Of course, if you are concerned about privacy, you're probably wondering how to improve what protections you have in place, if any. So what are the leading-edge innovations on the encryption front right now, and how easily can such tech be adapted to everyday communications? C :In an interesting display of synchronicity, Timothy posted this article, earlier today, which notes that Steganography use isn't as wide-spread as previously thought. Deagol asks: "With the Feds pushing for encryption back-doors, and even more domestic surveillance, how can we resist this? I mean in a practical way, but at the same time taking a stand for our rights to privacy and assembly. What's the current state of the art in hard disk encryption? Email encryption? Steganography? There are many tools out there, as well as many link-farms, (I looked at many today), but many pages seem dated, and it's hard to tell who's using what in a useful implementation. So, who is using PGP or GPG? Who is using BestCrypt or Loopback Encryption, Freenet or Steganography? A privacy weenie wants to know what your daily-use setup is!"

One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day should be no more complex than 3 steps.

JPMH asks:"First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?

To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Neils Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on EBay.

Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.

So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"

3 of 483 comments (clear)

  1. What's wrong with the Government reading... by cpodurgiel · · Score: 0, Flamebait

    What's wrong with the Government reading your email? If you have a problem with that, then obviously you have something to hide. I really don't care if Big Brother reads the email to my friend about the news article on Slashdot, or about getting to gether to watch Monday Night Football. But I would be concerned if I was planning some illegal activities. Heck, I don't even care that this message is being moderated! Bottom line is this.. What good are your civil liberties, when you're dead?

  2. Dubya reading from a teleprompter... by blackholebrain · · Score: 0, Flamebait

    *Dubyonics* == "I personalibly recommendify it as the biggest high level of encryptionite that's conceivably imaginable."

    --
    <---[singularity sig]
  3. Silly argument... by ArtificialKid01 · · Score: 0, Flamebait

    This debate is going no where, and you'll never get the majority of the population on your side. Here's why:

    1) Popularity - How many of you, even those who consider yourselves activists, *always* use encryption? How many of you who support encryption usually send plaintext emails? You know who you are. How can you then expect "Joe user" to do the same?

    2) Content - Most communications don't require privacy, plain and simple. How many government types or hackers really care how many tequila shots you did last night?

    3) Abuse - Abuse or interception of "private" emails simply isn't rampant. It would be much easier to sell this position to the public if people were actually getting screwed because of intercepted email or governmental abuse.

    4) Rights - This is a fight for a vague, ephemeral concept of "rights". On the other side of the coin, there's a smoking hole in the ground where 6,000 people once stood. Most people (including myself) value the safety of thier wives and children more than your right to hide "how stoned" you got last weekend from the eyes of the feds.