Cryptography Reference
In-Depth Information
access? What do I have to be particularly careful about when backing up
data? What risks can arise from third-party software (particularly operating
systems)?
This topic doesn't deal with these topics. Readers interested in the security
landscape can find plenty of material on the Internet, for example by visiting
the DFN-CERT servers, because the information offered there is current.
2
This
topic deals mainly with encryption algorithms and their analysis in view of the
previously explained special role cryptology plays.
Steganography
There is another method for protecting information against unauthorized tap-
ping, in addition to 'open' encryption. This method is called
steganography
,
and it hides messages in messages. Its purpose is to hide the existence of
information rather than making it unreadable. There is no limit to the wealth
of ideas. One example: my father was never allowed to tell anybody of his
whereabouts during World War II. So in his army mail, he sort of acciden-
tally underlined a digit in a date, say 5. All my mother needed to do was
find the first letter of every fifth word in the message to recover his loca-
tion. When I heard this as a child, I was sure nobody would ever be able to
see through such a smart trick. How wrong I was! Steganography is an art
that is thousands of years old, and it had reached totally different heights, as
well as the routine of its recovery. Minimal changes to some letters, slightly
varying spaces between words, previously agreed templates — everything con-
ceivable had certainly been exploited. You can admire a so-called
semagram
in the seminal topic by Kahn [KahnCode, p.523]: the naive pen-and-ink draw-
ing of a brook with bridge, flowers, and houses. The receiver knew that
she had to look at the blades of grass along the river bank: a Morse code
had been hidden in their different lengths. Invisible ink is also something
that belongs here, and microdots — entire A4 pages are accommodated in a
single typewriter dot using microphotographic methods. (Kahn explains in
detail how to produce microdots. Just this much here: they won't help you
against surveillance anymore!) Other methods are discussed in [BauerDS] and
[BauerMM].
The usual steganography has a serious drawback: the message is not protected
by a secret and changeable key, but by a fixed method. Once the method is
2
http://www.cert.dfn.de, ftp.cert.dfn.de
