At 7:18 PM 03/04/96, Jim Miller wrote:
The recent discussion "Chaff in the Channel" got me thinking about an alternative to hiding random bit streams in picture files. The goal of steganography, as I see it, is to provide plausible deniability. The problem with hiding bit streams is that you can never be sure if the opponent has developed an analysis technique to prove a particular file contains a suspicious bit pattern.
The way I understand steganography working, you would use it to hide mathematically random data. Mainly encrypted data. Like a PGP encrypted message, but with all PGP headers and other non-random data removed. Photos are a great medium for steganography, since they already contain noise of various sorts. So a good steganography algorithm (which I understand exists) merely changes the values of the noise so that it now encodes your (random) message. So there's no way to look for "suspicious bit patterns", and even if you use a publically available stego program to encode your data, and they use the same program to unstego your data, all they wind up with is a random bit stream, and they have no way of telling if it's just noise in the picture or your PGP encrypted message. So you already have all the plausible deniability you need, and I don't see how Jim's method is an improvement. Of course, if they have methods to crack PGP encrypted messages, and they use it on yours even without being sure it is an encyrypted message, and eventually wind up with a clear text message, well, then they've got your clear text message. And you are unlikely to be able to claim that it's just a coincidence they managed to extract several paragraphs about laundering money in bermuda from the GIF or orca the killer whale. But this is true of any stego method--if they can manage to get a cleartext message out of it, plausible deniability is unlikely to get you far. Am I wrong about any of the above?