Re: steganography

From: hal@finney.org
Date: Wed Sep 19 2001 - 23:00:54 MDT


Spike writes:
> Harvey Newstrom wrote:
> > Remember that standard graphic algorithms, such as GIF or JPEG, use industry
> > standard mathematical algorithms to compress data and smooth insignificant
> > variations. It is easy to use these algorithms to predict how color should
> > have been smoothed and to detect bits that deviate from the expected values...
>
> I can think of a way to bust this. Take a 256 color JPEG, unmodified
> in any way. Take your message, convert it to ASCII. Search for the
> first character in the photo, record the position of that byte, proceed
> to the second, etc. Granted you need a really colorful photo to make
> this work, such as a Mardi Gras celebration. When you are finished,
> PGP encode the character string that tells the decoding program where
> to find each pixel, which it converts back into the message. Once again
> you have a photo in which one cannot prove an encoded message
> exists.

You have not actually embedded the message in the photo, though,
because you have to send this extra PGP encoded string to carry the
message. The goal of steganography is to embed a secret message in an
innocent-looking cover document (like a photo) in such a way that no
one suspects that a secret message is present. If you have to send a
PGP encrypted string, you really might just as well use PGP to encrypt
the message and forget the photo.

> Does this algorithm have a name? spike

If you did not PGP encode the string which told the positions in the
picture where the desired objects were found, it would be a variation
on a book cipher. In the old days the spy and his home base would share
a book, and send messages which were the positions of the desired words
in the book. You have done the same thing with a picture.

Hal



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:10:51 MST