[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: really undetectable crypto
At 07:26 PM 9/12/96 -0700, [email protected] wrote:
>Most everybody on the list is familiar with the technique of hiding
>encrypted messages in the LSBs of image files. Personally, I would not
>use such a technique because don't I believe it's really undetectable.
>I assume, without proof, that the LSBs of images files have statistical
>properties that are sufficiently different from encrypted data that a
>clever person could determine whether or not an image file contained an
>imbedded encrypted message.
First of all, they should at most be able to tell that there are
random-looking-noise bits in there - if they start seeing patterns of
------BEGIN PGP ENCRYPTED SECRET MESSAGE------
you haven't done your job, though there are more subtle patterns
that are more annoying to hide, like the slight bias of an RSA-encrypted
piece of data; Hal Finney and others have written about this in the past.
Hiding Depends substantially on the image source and the compression
methods, if any, used on the image. For instance, a 24-bit true-color
image or 8-bit grey-scale image from a scanner with 6-bit resolution
will be pretty noisy in the LSBs, and if the Bad Guys are clever enough
to find the patterns in them, you can be clever enough to find them
and encode your initially-pseudorandom cyphertext stegobits in a way
that matches the stats of the noise. On the other hand, if you
take the LSBs of cartoon data, with large areas of solid colors,
and start dithering them with stegobits, it's obvious you're up to
something, if not necessarily what it is - be careful.
Ron Rivest posted a message on coderpunks mentioning somebody's
suggestion of building an internet-phone sort of program that
shoves stegobits into the voice compression. I'd be extremely surprised
if you could do that with the fancier compression algorithms,
such as CELP, LPC, and friends, but it shouldn't be too hard with the
looser compression algorithms such as ADPCM and Delta-Modulation,
which need 16-32kbps and can run on really dumb processors -
you've got more bits per second to hide in, can get away with
stealing more of them, and there isn't any real subtle prediction stuff
going on that you've got to work around. Given that most of the
popular Internet Phone products don't do encryption (sigh...),
this would at least be a good cover. (Well, assuming you've got a
credible voice conversation going and aren't saying things like
"OK, Carlos, let me send you the secret message starting ... NOW".)
[tricks #1,2 - picking your cleartext so the RC4/40 cyphertext or MD5s
have chunks of the real stego-cyphertext you want - cute.)
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# <A HREF="http://idiom.com/~wcs">
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto