[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

really (?) undetectable crypto

To: [email protected], [email protected]
Subject: really (?) undetectable crypto
From: [email protected] (Peter M Allan)
Date: Fri, 13 Sep 96 13:55:32 BST
Sender: [email protected]




 >  [email protected] wrote on CP:
 >  
 >  Most everybody on the list is familiar with the technique of hiding  
 >  encrypted messages in the LSBs of image files.  Personally, I would not  
 >  use such a technique because don't I believe it's really undetectable.  I  
 >  assume, without proof, that the LSBs of images files have statistical  
 >  properties that are sufficiently different from encrypted data that a  
 >  clever person could determine whether or not an image file contained an  
 >  imbedded encrypted message.
 >  

Not to mention 7 out of 8 bits may reveal the image to be a library one
your enemy has access to.  The changes will betray the stego.
Your own scanned snapshots may be safer from this point of view.

 >  Fortunately, there are other steganographic techniques that, I believe,  
 >  are undetectable.  The trick is to hide your encrypted bits in other  
 >  encrypted bits.
 >  
 >  trick #1)   Let's say you want to send a short encrypted message via a  
 >  communications channel that only allows cleartext messages with optional  
 >  MD5 message hashes.  You can construct cleartext messages, via  
 >  trial-and-error, such that the first 4 or 8 bits (or more, if you have the  
 >  time) of the MD5 hash match the first 4 or 8 bits of your encrypted  
 >  message.
 >  
 >  Since the bits in an MD5 message hash are presumably cryptographically  
 >  random, there should be no way to tell if some of the bits combine to make  
 >  an encrypted message.

What about Walter making insignificant changes to the cleartext and
replacing the hash with the new hash?   Because you are using an unkeyed
hash (and not a sig) he can do that and foul up the stegomessage (not
that he'll yet be sure there is one).

 >  trick #2)  Let's say you are allowed to use 40 bit encryption, but nothing  
 >  stronger.  As in trick #1, you can pre-compute plaintext messages such  
 >  that the first 4 or 8 of the bits in the output of the government-approved  
 >  40 bit encrypted data match the first 4 or 8 bits of your hidden encrypted  
 >  message.
 >  

Walter can still play silly spooks with your stego if he breaks the 40-bit encryption.

The cyphertext/plaintext ratio looks like getting really huge too.  Your messages
must all arrive, and retain the right order.  


 -- Peter Allan    [email protected]

Prev by Date: Re: Observer's defense of "Internet Pornography" article
Next by Date: Re: [Long] A history of Netscape/MSIE problems
Prev by thread: Re: 260_0it
Next by thread: Re: really (?) undetectable crypto
Index(es):
- Date
- Thread