Stego file system (Was: Inaccurate study)u

Julian Assange proff at iq.org
Mon, 6 Apr 1998 20:14:55 +1000 (EST) 

> >It's actually far more complicated than this. Don't forget that
> >magnetic drives record far, far more than you want them too. i.e
> >previous over-written "layers" of information (which can be got at
> >with stm techniques), relative magnetic domain leakage into unused
> >areas, relative field strength surface areas, and chemical changes
> >in the recording surface in response to magnetic changes (writes)
> >can all be used to show that "other" areas of the drive have been
> >used.
[..]
>  In fact, I suspect the best attack on such a stego filesystem would
> be to do a search, impound the computer for a bit, put a bit of binary
> knowledge in the executable and standard compiler to leak stego key,
> claim you found nothing, and then give it back to the subject. As long
[..]

No impounding required. A covertly placed keyboard bug, or trojan
does the job just fine. If you don't have physical security or
physical anonymity (watch this latter point become a real issue
for the eve's and mallet's of this world), then you don't have
security. Babe, sleep with your lap-top. One of the nice things
about marutukku is that it can work over NFS (a Marutukku
cryptographically deniable file system can be embodied in just a single
file, after all). i.e your media need not be secure.

> >half of his paper (which was otherwise pretty good). Marutukku uses
> >a block-swaping/re-encrypting algorithm to prevent these kind of
> >magneto-statistical attacks, but the issue is so complex to deal
> >with *efficiently*, that I'm unable to prove Marutukku's effectiveness
> >against such an attack. 
> 
>  True. I presume this stuff is all on http://www.underground.org ?
> (that site appears to be down right now - no route to host - so I'm
> afraid I can't check).

Aleph1's underground.org machine was hosted at best.net, but has
rather unfortunately, gone the way of the dodo. "Underground"
 - the truly wonderful book (;) by Suelette Dreyfus and myself can
now be found at <URL:http://www.underground-book.com>.

The Marutukku distribution made available on underground.org
in November last year hasn't been relocated. As you maybe aware it
was only an alpha snapshot anyway. The code was becoming
reasonably popular, and I felt quite uncomfortable about having
alpha code out there, given its purpose and stated claims, when
various implementation bugs had cropped up during testing. I decided
not release the distribution again until it was completely out of
development. I know how truly awful I'd feel if someone trusted
life or liberty to the code (disclaimers or not) and it somehow
failed them.

Cheers,
Julian.