DMCA has pushed me to my limit.
Ray Dillinger
bear at sonic.net
Wed Jul 18 08:07:01 PDT 2001
I keep looking at the whole stego thing. But the basic problem
remains the same. Stego relies on the *method* being secret,
which stands in stark contrast to Kerckhoffs's principle. I mean,
sure, you can stego encrypted stuff so nobody who recovers it
can read it, but if you use any of the "available" programs,
there will always be utilities that can detect your encrypted
stuff and, usually, extract it.
In a proper stego system, the stegotext must be *undetectable* by
people who don't have the key -- even if they have the stego program
used. I don't know of any which meet that criterion. For one thing,
they mostly work on lowest-significant-bits and leave the rest of the
carrier text alone. It's pretty simple to detect that the LSBs
have increased entropy, or represent inconsistent gradients of color
on the smallest scales.
One thing that is an absolute dead giveaway, and I see a lot of
stegograms out there that have this built in, is that in graphic
files, the number of pixels is increased by interpolation, either
in the digital camera/scanner, or after the image is made by a
graphics editor, before the steganography is done. The problem
with this is that interpolation is done by highly predictable
algorithms which dictate the relationships of each pixel (including
the LSB) to its neighbors. When you take this regular system of
linear-equations-with-a-simultaneous-solution and then impose
your stegotext on it, it stands out like a sore thumb.
*sigh*. I will not use a stego system unless I write it first and
my recipient has the only other copy. Because it's a matter of
keeping the *method* secret, that's really the only way.
Bear
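
The interpolation giveaway described in the message above, as an added example that is not part of the original post: a detector that measures how many interpolated pixels still equal the average of their neighbors, before and after naive LSB replacement. The carrier, the row-wise linear upsampling, the random bits standing in for an encrypted payload, and all function names are assumptions made for illustration.

```python
import random

def make_carrier(rng, h=64, w=64):
    """Constructed sample image: h rows of w 8-bit grey values."""
    return [[rng.randrange(256) for _ in range(w)] for _ in range(h)]

def upsample_rows(src):
    """Double each row's width by linear interpolation, as a scanner or editor might."""
    out = []
    for row in src:
        new = []
        for i in range(len(row) - 1):
            new += [row[i], (row[i] + row[i + 1]) // 2]
        new.append(row[-1])
        out.append(new)
    return out

def embed_lsb(img, rng):
    """Naive LSB replacement: overwrite every pixel's low bit with a payload bit.
    Random bits stand in for an encrypted payload."""
    return [[(p & ~1) | rng.getrandbits(1) for p in row] for row in img]

def interpolation_fit(img):
    """Fraction of odd-column pixels that equal the floor-average of their neighbors."""
    hits = total = 0
    for row in img:
        for j in range(1, len(row) - 1, 2):
            total += 1
            hits += row[j] == (row[j - 1] + row[j + 1]) // 2
    return hits / total

def looks_tampered(img, threshold=0.9):
    """Flag an upsampled image whose interpolation relationship is mostly broken."""
    return interpolation_fit(img) < threshold

def demo(seed=1):
    rng = random.Random(seed)
    clean = upsample_rows(make_carrier(rng))
    stego = embed_lsb(clean, rng)
    return interpolation_fit(clean), interpolation_fit(stego)

if __name__ == "__main__":
    clean_fit, stego_fit = demo()
    print(f"clean fit: {clean_fit:.3f}  stego fit: {stego_fit:.3f}")
```

The clean upsampled image fits the interpolation rule exactly, while the embedded one fits at most about half the time, because the payload bits are independent of the neighbor relationship the interpolator imposed.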