From: Eugene Leitl (Eugene.Leitl@lrz.uni-muenchen.de)
Date: Fri Sep 21 2001 - 01:05:59 MDT
On Thu, 20 Sep 2001, Harvey Newstrom wrote:
> Be careful, "never" is a long time. Current public binaries are ALL
No, never means a decade or two. It's not a long time, but it's usually
enough.
> detectable right now with freebie tools available on the Internet.
Um, no. Most of them are. Not all of them.
> The only exception seems to be the outguess tool, and even it turns
> out to have been detectable in previous versions. The track record on
> these "undetectable" tools is virtually 100% failure. So far,
> everything even hidden in this way has turned out to be detectable
> after a little analysis.
I've promised providing a list of known good stego. I will, probably this
weekend, when I sift through some dead tree.
> I'm not saying they're not good, but nobody should send a message over
> the Internet using these tools under the mistaken belief that they
> will "never" be detected. Since all previous tools were flawed, all
> previous "undetectable" messages are going to be read. There are many
> project underway right now to scan Deja/Google archives of pictures
> for these flawed messages to get a history of what was previously
> thought to have been "undetectable".
Steganography works at multiple layers. First, you make it very hard to
detect, resulting in lots of crunch and lots of false positives. Second,
you put it in a known well-frequented public place, resulting in plausible
deniability due to hundreds of accesses (probably from places like
internet cafes). And of course there's strong cryptography, so even if
you extract the cipher, you have no clue for whom it is, and what it says.
In short, steganography is not your bottleneck. Human factors are.
> This mirrors my security experience with virus checkers, encryption
> tools, and secure operating systems. They all come out and claim to
> be perfect for six months. They the new release comes out listing all
Perfect doesn't exist in this unverse. Claims of perfectness and
unbreakability are a surefire sign of quantitative snake oil content.
> the flaws in the old version. But they promise that the new version
> is finally "uncrackable". I have not seen any of these perfect
I'll check what the known good stego claims are. I'm very doubtful any of
them claim to be uncrackable.
> programs last for more than a year. We shall see if the latest
> version of outguess (published in February) last that long. So far,
> it has been the best attempt yet.
>
> But I wouldn't bet all my secrets on it.
For that, use one time pads.
-- Eugen* Leitl leitl
______________________________________________________________
ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:10:52 MST