                           .-------------------.
                            !Snego !Help file 
                           '-------------------'

Version: 1.0 (12 July 2000)

Author: Nat Queen <n.m.queen@birmingham.ac.uk>

Primary distribution site: http://web.bham.ac.uk/N.M.Queen/pgp/acorn.html

Purpose: To make life more difficult for the spooks!


What does it do?
================

!Snego is a companion program for !Stego, the program which implements a
form of steganography by hiding messages in innocuous-looking sprite files.

!Snego does two things:

First, it generates sprites which have exactly the same format and visual
appearance as those produced by !Stego, but without hiding any real data.

Second, for users of PGP only, it can generate random PGP messages, using
conventional encryption. What is the use of that? Suppose that you live in a
country where the secret police can demand that you decrypt any encrypted
files in your computer. If you have a copy of !Snego, you will be able to
*prove* that you cannot decrypt all your PGP files. Nor will anyone else be
able to decrypt them, because *nobody* knows the pass phrase or the original
text. This is how it works:

!Snego generates a random dummy 'message' and encrypts it with a long random
pass phrase. Neither of these is ever seen by the user. The original dummy
message is securely wiped from the disc after being encrypted, making its
recovery impossible, and the random pass phrase exists only temporarily in
memory. Only the encrypted message is saved.

If the secret police want you to decrypt your PGP messages, there would be
no way for them to distinguish between !Snego's output and any other PGP
message containing real data. The only way would be to break PGP, which no
one can do with existing technology. Only you would know which PGP files
contain real data. Of course, it might be a wise precaution, in case you are
ever subjected to strong methods of 'persuasion' to reveal your encrypted
data, to adopt a special-purpose pass phrase to encrypt some real data which
you wouldn't mind revealing under pressure, such as granny's favourite
recipes.

If your use of !Snego with PGP is queried, you can point out many legitimate
reasons for using it: to study the programming; to analyse the format or
statistical properties of PGP messages; to use this output as one of the
best sources of pseudorandom numbers with good statistical properties, as
is required for many scientific purposes; or simply to generate the nice
sprites which !Snego also produces as a by-product.


How to use !Snego
=================

Double-click on its icon. You will be asked for the length of the dummy
message to be generated. This must be at least 20 bytes. Enter a number and
press <Return>.

The result depends on whether or not PGP is found in your computer. PGP will
be 'found' only if it has been properly installed. In particular, the system
variable PGPPATH must be defined, as explained in the PGP manual.

If PGP is *not* found, !Snego will generate a random dummy message of the
specified length and then encode this message inside a sprite file, exactly
as !Stego would do it. The original dummy message is deleted. [If you want
to see the original dummy message, you can use !Stego to recover it from the
sprite file.] A directory window will open, showing the resulting sprite
file. When these sprites are viewed, they often show attractive patterns,
especially for fairly short dummy messages. The pattern will be different
every time you run !Snego. Try it, for example, with dummy messages of 100
or 200 bytes.

If PGP *is* found, !Snego will generate a random dummy message of the
specified length, encrypt it with PGP's conventional encryption using a
random pass phrase, and finally encode the message in a sprite file exactly
as !Stego would do this. A directory window will open, showing both the
non-decryptable PGP message and the corresponding sprite file. The original
dummy message and the pass phrase will be irretrievably lost.


Some notes about security
=========================

Without PGP, !Snego and !Stego provide only casual security, since anyone
with a copy of !Stego can recover a message that has been hidden in a sprite
file by either of those programs.

To avoid possible misunderstanding, it should be pointed out that the
PGP files generated by !Snego can easily be distinguished from files
encrypted with PGP public keys, as is commonly done for secure e-mail.
Suppose that you receive a PGP message encrypted with your public key.
Anyone who understands how PGP works can check that this message was
encrypted with your public key (or at least with a key having your keyID).
It would be difficult to claim that you cannot decrypt it, since you
presumably own the corresponding secret key and ought to know the pass
phrase to unlock it. But you can protect such messages by applying an
additional layer of PGP conventional encryption, which would then make them
indistinguishable from any 'decoy' encrypted files, as described above, or
any non-decryptable files created by !Snego.

!Snego has the rare distinction of fulfilling its purpose even if it is never
actually used. Since there is no way for anyone to distinguish between
conventionally encrypted messages containing real data and those generated
by !Snego, the very fact that you keep a copy of !Snego is sufficient to
make identification of your 'real' encrypted messages impossible.


Why is it called !Snego?
========================

The name derives from the Russian word 'sneg', meaning 'snow'. This is a
program to help you cover your tracks!


Legal notice
============

!Snego is freeware. The copyright is retained by the author, Nat Queen. You
may copy and distribute this software freely as long as none of the files
are altered or removed. If you distribute !Snego in any PD library, magazine
cover disc or CD, or on any site on the Internet, please drop a line about
it in my mailbox, so that I can keep you informed about possible future
updates. Any distribution method is allowed, provided that you do not make
any profit from it. This software must not be distributed as part of any
other application without my prior permission.

This software has been thoroughly tested, but no guarantee is given as to
its suitability for any purpose. The author accepts no responsibility for
any data loss, crashes or other undesired effects caused directly or
indirectly by using !Snego.

The author also accepts no responsibility for any unpleasant actions by the
secret police of any country as a result of the non-decryptable files
created by this software.