[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weak steganography

To: [email protected]
Subject: Re: Weak steganography
From: J. Michael Diehl <[email protected]>
Date: Thu, 24 Jun 1993 00:58:20 -0600 (MDT)
Cc: [email protected]
In-Reply-To: <[email protected]> from "[email protected]" at Jun 17, 93 10:45:28 am

According to [email protected]:
> There are a couple of problems with the idea of sticking encrypted
> files onto the end of executable files.  The first is, to make this
> easy, you need a program to do it (and to "undo" it).  Well, if someone
> steals your computer and gets access to these files, they will probably
> also get access to this program.  This will tip them off to what you have
> done.

The technique I advocated was so simple, I could code it on my lunch hour at 
work.  I did.  If you didn't want to have such a thing on your machine, you 
could store it remotely, either on an ftp site or a local bbs.  Clean up 
your hard disk and there is no sign of anything.

> This is an example of the general principle that you need to assume that
> your attackers know or can discover the methods you are using, but they
> don't know the keys.

If steganography is to work, we must find ways to make this "principle" invalid.
Strong encryption will protect our "plain-sight-text."  It falls to Data-hiding
to protect our cyphertext.

> Another problem is that encrypted files look different from executable
> files.  Encrypted files have a uniform histogram (that is, all 256 different
> possible byte values are equally frequent), but exe files do not.  The
> appending of an encrypted file to an executable file will be very obvious.
> The exact boundary may not be immediately apparent, but it can probably
> be narrowed down to ten or twenty words without much effort at all.  In
> any case, exe files which have had this treatment will stick out like a
> sore thumb.

I was going to suggest, but Phil beet me to it, that we compress our executables

> Last, XOR'ing a PGP file with a repeated string is probably not a very
> good method.  PGP has a header at the front whose structure is known and
> which has some fixed bytes.  These can be used to immediately recover some

Well, we could do a lot of things here.  We could have the option of xor'ing,
adding, or subtracting....  We could add random bytes to the cyphertext, at 
offsets we specify and memorize....  I still think this could be done, and that
it would work.  If anyone else shares my enthusiasm, I'll try to get it coded up

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| [email protected] |   But, I was mistaken.      |available|
| [email protected]   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!"   <Me>                     |
+-----If codes are outlawed, only criminals wil have codes.-----+
+----Is Big Brother in your phone?  If you don't know, ask me---+

References:
- Weak steganography
  - From: [email protected]

Prev by Date: Re: Government fear of strong crypto
Next by Date: Testing remailers
Prev by thread: Re: Weak stegosaurs
Next by thread: Re: Weak steganography
Index(es):
- Date
- Thread