Has this photo been de-stegoed?
Tyler Durden
camera_lumina at hotmail.com
Wed Dec 10 16:12:30 PST 2003
Well, that sounds reasonable on the face of it, but there's got to be a lot
more discussion before I'm convinced.
Remember that psuedorandom or encrypted data has a certain noise spectrum.
This noise spectrum is extremely different based on what PRBS one is
using...PRBS 2^23-1 looks completely different from other 'noise' (and
remember noise is a relative term).
If you spatially fft a random photo, you'll find that the image detail
energy largely occupies certain bands. These are not the bands that stego
uses (or so I assume...it really can't be otherwise). The stego-able
spectrum will indeed be noise, but this noise will have a certain spectrum.
Stego, done well, will I assume try to mimic this noise, but there may be
problems. If the message is encrypted, then merely loading that message into
the photo will, I assume, NOT result in a noise spectrum that looks like
real noise. So you'll need some kind of chopper or spectrum-spreader I
guess.
If no chopper's used, however, I'm guessing that stego-ed 'noise' doesn't
look like true photo noise. If the photo has been de-stegoed stupidly (ie,
by writing a random message in its place), that noise won't look like photo
noise. So it seems to me that you'd need a sophisticated agent to make the
de-steoed photo look like it never had stego. In other words, if the FBI are
your man-in-the-middle, then you'll be able to detect that the photo was
de-stegoed. If the NSA is your man-in-the-middle, you might not be able to
tell.
Any of you TLA lurkers wanna come in on a remailer and set me straight?
-TD
>From: "A.Melon" <juicy at melontraffickers.com>
>To: cypherpunks at minder.net
>Subject: Re: Has this photo been de-stegoed?
>Date: Wed, 10 Dec 2003 13:28:31 -0800 (PST)
>
>Tyler Durden (camera_lumina at hotmail.com) wrote on 2003-12-08:
> > Is it possible to determine that the photo 'originally' (ie, when it was
> > sent to me) contained stegoed information, but that it was intercepted
>in
> > transit and the real message overwritten with noise or whatever?
>
>Hardly, given the simple fact that well-encrypted content is
>indistinguishable from noise.
_________________________________________________________________
Dont worry if your Inbox will max out while you are enjoying the holidays.
Get MSN Extra Storage! http://join.msn.com/?PAGE=features/es
More information about the cypherpunks-legacy
mailing list