What's Now State of the Art in Encryption Technology?

With the events of September 11, 2001 still vividly etched into our conscious minds, it was only a matter of time before the US Government would paint the crosshairs on their next target after Bin Laden: encryption. With Ashcroft's declaration of computers as tools of terrorism, and law-enforcement pushing for enhanced surveillance, it appears that one of the first victims of America's new war may be the privacy of her citizens. Of course, if you are concerned about privacy, you're probably wondering how to improve what protections you have in place, if any. So what are the leading-edge innovations on the encryption front right now, and how easily can such tech be adapted to everyday communications? C :In an interesting display of synchronicity, Timothy posted this article, earlier today, which notes that Steganography use isn't as wide-spread as previously thought. Deagol asks: "With the Feds pushing for encryption back-doors, and even more domestic surveillance, how can we resist this? I mean in a practical way, but at the same time taking a stand for our rights to privacy and assembly. What's the current state of the art in hard disk encryption? Email encryption? Steganography? There are many tools out there, as well as many link-farms, (I looked at many today), but many pages seem dated, and it's hard to tell who's using what in a useful implementation. So, who is using PGP or GPG? Who is using BestCrypt or Loopback Encryption, Freenet or Steganography? A privacy weenie wants to know what your daily-use setup is!"

One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day should be no more complex than 3 steps.

JPMH asks:"First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?

To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Neils Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on EBay.

Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.

So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"