[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: art-stego



At 7:18 PM 03/04/96, Jim Miller wrote:
>The recent discussion "Chaff in the Channel" got me thinking about an
>alternative to hiding random bit streams in picture files.  The goal of
>steganography, as I see it, is to provide plausible deniability.  The
>problem with hiding bit streams is that you can never be sure if the
>opponent has developed an analysis technique to prove a particular file
>contains a suspicious bit pattern.

The way I understand steganography working, you would use it to hide
mathematically random data.  Mainly encrypted data.  Like a PGP encrypted
message, but with all PGP headers and other non-random data removed.
Photos are a great medium for steganography, since they already contain
noise of various sorts.  So a good steganography algorithm (which I
understand exists) merely changes the values of the noise so that it now
encodes your (random) message.  So there's no way to look for "suspicious
bit patterns", and even if you use a publically available stego program to
encode your data, and they use the same program to unstego your data, all
they wind up with is a random bit stream, and they have no way of telling
if it's just noise in the picture or your PGP encrypted message.   So you
already have all the plausible deniability you need, and I don't see how
Jim's method is an improvement.

Of course, if they have methods to crack PGP encrypted messages, and they
use it on yours even without being sure it is an encyrypted message, and
eventually wind up with a clear text message, well, then they've got your
clear text message.  And you are unlikely to be able to claim that it's
just a coincidence they managed to extract several paragraphs about
laundering money in bermuda from the GIF or orca the killer whale.  But
this is true of any stego method--if they can manage to get a cleartext
message out of it, plausible deniability is unlikely to get you far.

Am I wrong about any of the above?