What's Now State of the Art in Encryption Technology?

With the events of September 11, 2001 still vividly etched into our conscious minds, it was only a matter of time before the US Government would paint the crosshairs on their next target after Bin Laden: encryption. With Ashcroft's declaration of computers as tools of terrorism, and law-enforcement pushing for enhanced surveillance, it appears that one of the first victims of America's new war may be the privacy of her citizens. Of course, if you are concerned about privacy, you're probably wondering how to improve what protections you have in place, if any. So what are the leading-edge innovations on the encryption front right now, and how easily can such tech be adapted to everyday communications? C :In an interesting display of synchronicity, Timothy posted this article, earlier today, which notes that Steganography use isn't as wide-spread as previously thought. Deagol asks: "With the Feds pushing for encryption back-doors, and even more domestic surveillance, how can we resist this? I mean in a practical way, but at the same time taking a stand for our rights to privacy and assembly. What's the current state of the art in hard disk encryption? Email encryption? Steganography? There are many tools out there, as well as many link-farms, (I looked at many today), but many pages seem dated, and it's hard to tell who's using what in a useful implementation. So, who is using PGP or GPG? Who is using BestCrypt or Loopback Encryption, Freenet or Steganography? A privacy weenie wants to know what your daily-use setup is!"

One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day should be no more complex than 3 steps.

JPMH asks:"First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?

To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Neils Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on EBay.

Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.

So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"

My handwriting qualifies as crypto

[richie2000]

I haven't been able to reliably read my own handwriting for years. Given a small government grant, I could develop this even further into a true, secure, incommunication system of one-way cryptos. If I could be bothered to learn Navajo, I'd be set for life.

living in caves and growing beards??

[CrudPuppy]

the Afghan people have tried that already, and it
hasn't kept them very safe from bin Laden...

*rim shot*

I'll be here all week folks! =)

The state of the art

[the_other_one]

ROT 13. Plus DMCA. Plus Attack Lawyers.

Nobody will hack this right?

Re:The state of the art

[Coniine]

>ROT 13. Plus DMCA. Plus Attack Lawyers.

>Nobody will hack this right?

Not true, it will just be like sex in the old days - everyone does it but everybody's afraid to talk about it.

Usage of steganography here!

[Paranoid]

My coworkers and I tend to use a form of steganography, on IRC. Its not typical pixel-in-picture stuff, though... rather, the script encodes messages (the current irssi perlscript implementation is 7-bit clean) in the entropy available in l3eT-babbling carrier text. For instance, "l" could be "l", "L", "|" or "1", meaning you could use an "l" character to store 2 bits of data. The output looks, as I'm sure you can guess, horrible.

For more important things, we tend to use ssh, but steganography isn't entirely forgotten here =)

Re:Tools of Terrorism

[Maldivian]

Ofcourse, this was like the time when Rudy put the "umlaut" inside Alan. :)

For the techinically impaired and anally retentive moderators, please find clues enclosed within this sentence.

Re:Huh? please say something.

[thrig]

We need to regulate the following items from getting on a plane, as they clearly can be used to hijack a plane:

1. Box of kleenex
2. Scotch tape
3. Brown wrapping paper
4. LED Panel with big red numbers
5. (optional) Garage door opener with big red button
6. Human to assemble "bomb" and wave it around in threatening fashion once plane airborne

Regulating above does nothing to solve the root of the problem.

One time pad

[thejake316]

Unbreakable. Ancient. Easy to code. Not technically "encryption" depending on how you define the term, but does the same thing. Add in some arbitrary obfuscation (one if by land, two if by sea) and some steganeganogginagraphitti if so inclined and I'd say you're as secure as with a few passes of DES, a pass of Blowfish, and a UUENCODE-style alpha only conversion followed by 26 passes of ROT-13.

How do y0u k.now thi.s post is..n't a s.3cr.et messa.ge? Ar.e y.o.u pa..ra.n0id? The eagle flies at dawn, leave no stone unturned, and now a message for Mr. and Mrs. America and all the ships at sea: the walrus is cold at night.

14 23 27 19 10 12 88