RE: steganography

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Thu Sep 20 2001 - 12:42:31 MDT


Eugene Leitl wrote,
> For all practical purposes, a public binary blob containing state of the
> art steganography will a) never be recognized as such b) even if, the
> strong cryptosystem used will not be broken within a time window counted
> in decades.

Be careful, "never" is a long time. Current public binaries are ALL
detectable right now with freebie tools available on the Internet. The only
exception seems to be the outguess tool, and even it turns out to have been
detectable in previous versions. The track record on these "undetectable"
tools is virtually 100% failure. So far, everything even hidden in this way
has turned out to be detectable after a little analysis.

I'm not saying they're not good, but nobody should send a message over the
Internet using these tools under the mistaken belief that they will "never"
be detected. Since all previous tools were flawed, all previous
"undetectable" messages are going to be read. There are many project
underway right now to scan Deja/Google archives of pictures for these flawed
messages to get a history of what was previously thought to have been
"undetectable".

This mirrors my security experience with virus checkers, encryption tools,
and secure operating systems. They all come out and claim to be perfect for
six months. They the new release comes out listing all the flaws in the old
version. But they promise that the new version is finally "uncrackable". I
have not seen any of these perfect programs last for more than a year. We
shall see if the latest version of outguess (published in February) last
that long. So far, it has been the best attempt yet.

But I wouldn't bet all my secrets on it.

--
Harvey Newstrom <http://HarveyNewstrom.com> <http://Newstaff.com>


This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:10:52 MST