What kind of encryption to incorporate?
I'm finishing up on a stegography(sp?) program that uses GIF and WAV files. It was inspired by Cypherella's Stego program for the Mac. In the program, I incorporate the filename, length, then data to the GIF or WAV file. RIght now, I just use a basic secrey key encryption. It will XOR each data byte with a byte in the password and repeat this. Is there a better way to encrypt the data that is just has easy to code? Sorry if this an FAQ. I couldn't find an FAQ for this group. Michael Ko / ...the chances of getting picked up by another/ The Invincible \ / ship within those thirty seconds are 2 to the / vincie@cs.jhu.edu \ \ power of 276709 to one against." - From The \ Computer Science Depart. / \ Hitchhiker's Guide to the Galaxy - D. Adams \ Johns Hopkins University/
Michael Ko: | I'm finishing up on a stegography(sp?) program that uses GIF and WAV | files. It was inspired by Cypherella's Stego program for the Mac. | In the program, I incorporate the filename, length, then data to the | GIF or WAV file. RIght now, I just use a basic secrey key encryption. | It will XOR each data byte with a byte in the password and repeat this. | Is there a better way to encrypt the data that is just has easy to code? A filename and length give away the fact that something is hidden. If you only hide encrypted data, and no plaintext of any sort, then the file can not be automatically detected; it can ony be seen by someone who can decrypt it. There are lots of real encryption schemes beyond XOR out there. Take a look at the source archive in goblin.dsi.unimi.it Adam -- Adam Shostack adam@bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.
On Fri, 29 Jul 1994, Adam Shostack wrote:
A filename and length give away the fact that something is hidden. If you only hide encrypted data, and no plaintext of any sort, then the file can not be automatically detected; it can ony be seen by someone who can decrypt it.
... well almost. It's trivial to write a program that extracts the LSB's from a GIF file and then determine their randomness. Truly random data gives away the presence of an encrypted file. The solution is to choose the LSB's that you alter according to the output from a decent random number generator so that each LSB has a probability of being altered. - Andy
... well almost. It's trivial to write a program that extracts the LSB's from a GIF file and then determine their randomness. Truly random data gives away the presence of an encrypted file. The solution is to choose the LSB's that you alter according to the output from a decent random number generator so that each LSB has a probability of being altered.
Take a look at WNSTORM (WNS210.ZIP) which contains the WNINJECT program. It, along with WNSTORM can be used to build a decent steganography system that makes use of existing LSB's to hide the presence of stego. If you like, feel free to build a GIF module for it. (WNINJECT uses PCX right now and I haven't had the time to mess with GIFs.) If you guys are seriously interested, I'm more than willing to lend a hand. You can certainly use WNSTORM and it's tools to build something better (as long as you give me some credit for the original work. :-) Basically you first use WNINJECT to extract the LSB's out of a PCX image, then you feed those LSB's into WNSTORM which encrypts into them but leaves most of them untouched and doctors some of the bits against statistical analysis) then you take the output from WNSTORM and WNINJECT's it back into the PCX giving you a stegoe'd image that closely matches the original and which is hard to detect that it has a change unless you have the original.
On Mon, 1 Aug 1994, Arsen Ray Arachelian wrote:
Take a look at WNSTORM (WNS210.ZIP) which contains the WNINJECT program. It, along with WNSTORM can be used to build a decent steganography system that makes use of existing LSB's to hide the presence of stego. If you like, feel free to build a GIF module for it. (WNINJECT uses PCX right now and I haven't had the time to mess with GIFs.)
I've seen it. I'm the guy that wrote s-tools (available from ftp.dsi.unimi.it). My package will hide files in GIFs, BMPs and WAVs, using the probabalistic method that I described, and using decent (but damn slow) quantization to reduce the original colour resolution. Built-in encryption methods are IDEA, DES, 3DES, MPJ2 (128, 256, 384, 512 bit keys) and NSEA. Operating modes are selectable from ECB, CBB, CFB, OFB and PCBC. If you are going to download it, make sure you get version 2. I'm currently on the look out for new steganography ideas (you might have seen the patches I wrote that allow files to be hidden in gzip compressed files). I thought of a load of obvious stuff like adding/not adding spaces at the end of lines of a text file, carefully choosing assembler instructions where two are available, etc. Has anyone got any more ideas? Regards, - Andy
Andrew Brown <a.brown@nexor.co.uk> writes:
I'm currently on the look out for new steganography ideas (you might have seen the patches I wrote that allow files to be hidden in gzip compressed files). I thought of a load of obvious stuff like adding/not adding spaces at the end of lines of a text file, carefully choosing assembler instructions where two are available, etc. Has anyone got any more ideas?
One possibility would be to right-justify your text, as a few people like to do, then to tweak the algorithm for inserting spaces into lines to depend on the next bits of the embedded mes- sage. Generally, you have N spaces to insert into M word breaks. If M divides N, you don't have any choice, but otherwise you have N mod M "leftovers" to distribute among M. This would allow several bits per line. Hal
participants (5)
-
Adam Shostack -
Andrew Brown -
Hal -
rarachel@prism.poly.edu -
vincie@blaze.cs.jhu.edu