[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: art-stego




Jonathan Rochkind wrote:

> So a good steganography algorithm (which I understand
> exists) merely changes the values of the noise so that it
> now encodes your (random) message.  So there's no way to
> look for "suspicious
 bit patterns"
> 


You are assuming that the noise bits have the same statistical properties  
as cyphertext.  I would be very surprised if this were the case.  It takes  
special effort to achieve good random bit streams.  Image scanners may do  
this by accident, but then again, maybe they don't.  This uncertainty is,  
in my opinion, the fatal flaw in image-based steganography.  The same  
reasoning applies to audio-based steganography.  Unless the devices were  
specially designed to insert cryptagraphically useful bits in the output  
(or, as Tim May suggested, good garbage bits are inserted later), then you  
should not rely on the pictures or audio files to keep your messages  
hidden.

As an alternative to trying to hide bits, I proposed not hiding them at  
all, but instead creating an innocent reason for passing around files that  
contain, in some way or another, obvious random bit streams.  The first  
idea that came to mind was to use the random bit streams to create pretty  
fractal pictures.  I soon realized that any function that produces pretty  
pictures would do the trick as long as there was a way to recover the  
random bit stream given only the picture and the function.  Perhaps it  
would be possible to use random bit streams to generate cool BioMorphs  
(ala "The Blind Watchmaker").

If enough people start passing around pictures generated from meaningless  
random bit streams, then other people could use this traffic to covertly  
exchange pictures generated from meaningful random bit streams.


> if they can manage to get a cleartext message out of it,
> plausible deniability is unlikely to get you far. 

> 

You could always claim you didn't know it was there, that you just  
downloaded the picture out of curiosity.  It might help, depending on what  
country you live in.



Tim May wrote:

> Just bear in mind that this form of steganography is
> getting further away from conventional hiding, and
> into "pure plausible deniability." In fact, one need
> not even make a serious attempt to hide the encrypted
> bits: just call the encrypted file "art" and be done with
> it! 

> 


Come to think of it, if the picture files were larger than the random bit  
streams, people very well might send just the random bit streams.

"Hey Bob, take a look at the picture this creates when you feed it to the  
XYZ function (coefficient values A, B, and C)."


[email protected]


P.S. In case anyone is wondering, the reason there is a large delay  
between a post from me and a reply from me is that I'm not actually on the  
mailing list.  I read the messages by pointing my news reading at  
nntp.hks.net