stegedetect & Variola's Suitcase

Joseph Holsten pantosys at
Tue Sep 7 09:02:42 PDT 2004

On Tue, 07 Sep 2004 11:22:28 -0400, Tyler Durden
<camera_lumina at> wrote:
> How fast can dedicated hardware run if it were a dedicated Stegedetect
> processor?
> In other words, how easy would it be for NSA, et al to scan 'every' photo on
> the internet for Stego traces? (And then, every photo being emailed?)
Although I haven't looked at the code behind stegedetect yet, I can
assume that a single dedicated processor would be less efficient that
perhaps two or three dedicated processors. Some steg (appendx,
camouflage) isn't steg, just data appended to the end of the file, in
valid jpeg encapsulation. Real steg (f5, jsteg, jphide,  steghide)
would require looking at more data, for more time. it would be a waste
to have the same processor working on appended data and real steg.
Quick answer: I don't know / Depends on the data.

> And then, how fast can someone write a worm that will make every photo
> stored on a harddrive look like it's been stegoed?
Again, you'd have to decide between real and fake steg. Appending a
fortune message to the end of an image would be really quick, and
would alert stegedetect. But if you want to signal the nsa, you'd need
real steg with real (but breakable) crypto. The difference is quick
perl script versus a modified jpeg library.
who are ya tryin to fool?
-pantosys at

More information about the cypherpunks-legacy mailing list