Re: Chaff in the Channel (Stealth PGP work)
- However, I suspect that the ideal would be like cryptography: - Assume the enemy knows everything about your system but the keys. - Thus, your gifs need to look like normal gifs in the lsb. Your audio - needs to have normal levels of hiss in it. Etc. the problem with many current stego programs (jsteg/stools) is that given a data stream, they will tell you if there is data steg'ed (by the same program, of course) it in. jsteg goes out of it's way to hide it's content-length header, but jsteg can still detect jsteg headers... glenn
the problem with many current stego programs (jsteg/stools) is that given a data stream, they will tell you if there is data steg'ed (by the same program, of course) it in. jsteg goes out of it's way to hide it's content-length header, but jsteg can still detect jsteg headers...
Just a stab, but maybe this might work: Get two picures of with both at minimum sufficient size to carry the message. Use the lsb's (or any bit for that matter) of the second image to XOR with the message before stego'ing (L'eggo my S'tego :) into the first. Of course you'ld have to arrange which bit in the pad image will be used, how to associate the images, etc. before hand. --- Fletch __`'/| fletch@ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. | 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------
On Sat, 2 Mar 1996, Mike Fletcher wrote:
Just a stab, but maybe this might work: Get two picures of with both at minimum sufficient size to carry the message. Use the lsb's (or any bit for that matter) of the second image to XOR with the message before stego'ing (L'eggo my S'tego :) into the first. Of course you'ld have to arrange which bit in the pad image will be used, how to associate the images, etc. before hand.
This is horrible. If you have to ship the original untouched picture to someone, the man in the middle attack will work, furthermore, the image you use is likely already out there and when you ship the modified version to XOR, the man in the middle will be able to get the two. Basically your idea gets back to the original key distribution problem that PK schemes have solved... if you have to use a secure channel to send a passphrase along, why not use that same channel for the message as well? There are other ways to do this and NOT have it detected. See my WNS210.ZIP package. :^) (Shameless, plug, but hey, better secure than sorry.) Now if I can find a way to get WNStorm to be somehow mind-melded with PGP and produce a public key Stego system, that would be worth the trouble. :) ========================================================================== + ^ + | Ray Arachelian |Emptiness is loneliness, and loneliness| _ |> \|/ |sunder@dorsai.org|is cleanliness and cleanliness is god-| \ | <--+-->| |liness and god is empty, just like me,| \| /|\ | Just Say |intoxicated with the maddness, I'm in| <|\ + v + | "No" to the NSA!|love with my sadness. (Pumpkins/Zero)| <| n ===================http://www.dorsai.org/~sunder/========================= [This Bible excerpt awaiting review under the Communications Decency Act] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and do em right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said. "Dad's getting old. I say we should do him." So the two daughters got him drunk and did him all that night. Sure enough, Dad got em pregnant....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he whacked off first....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996]
participants (3)
-
Mike Fletcher -
Powers Glenn -
Ray Arachelian