Has this photo been de-stegoed?

Tyler Durden camera_lumina at hotmail.com
Wed Dec 10 16:12:30 PST 2003


Well, that sounds reasonable on the face of it, but there's got to be a lot 
more discussion before I'm convinced.

Remember that psuedorandom or encrypted data has a certain noise spectrum. 
This noise spectrum is extremely different based on what PRBS one is 
using...PRBS 2^23-1 looks completely different from other 'noise' (and 
remember noise is a relative term).

If you spatially fft a random photo, you'll find that the image detail 
energy largely occupies certain bands. These are not the bands that stego 
uses (or so I assume...it really can't be otherwise). The stego-able 
spectrum will indeed be noise, but this noise will have a certain spectrum.

Stego, done well, will I assume try to mimic this noise, but there may be 
problems. If the message is encrypted, then merely loading that message into 
the photo will, I assume, NOT result in a noise spectrum that looks like 
real noise. So you'll need some kind of chopper or spectrum-spreader I 
guess.

If no chopper's used, however, I'm guessing that stego-ed 'noise' doesn't 
look like true photo noise. If the photo has been de-stegoed stupidly (ie, 
by writing a random message in its place), that noise won't look like photo 
noise. So it seems to me that you'd need a sophisticated agent to make the 
de-steoed photo look like it never had stego. In other words, if the FBI are 
your man-in-the-middle, then you'll be able to detect that the photo was 
de-stegoed. If the NSA is your man-in-the-middle, you might not be able to 
tell.

Any of you TLA lurkers wanna come in on a remailer and set me straight?

-TD





>From: "A.Melon" <juicy at melontraffickers.com>
>To: cypherpunks at minder.net
>Subject: Re: Has this photo been de-stegoed?
>Date: Wed, 10 Dec 2003 13:28:31 -0800 (PST)
>
>Tyler Durden (camera_lumina at hotmail.com) wrote on 2003-12-08:
> > Is it possible to determine that the photo 'originally' (ie, when it was
> > sent to me) contained stegoed information, but that it was intercepted 
>in
> > transit and the real message overwritten with noise or whatever?
>
>Hardly, given the simple fact that well-encrypted content is
>indistinguishable from noise.

_________________________________________________________________
Dont worry if your Inbox will max out while you are enjoying the holidays.  
Get MSN Extra Storage!  http://join.msn.com/?PAGE=features/es





More information about the cypherpunks-legacy mailing list