Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hiding Secrets With Steganography On FreeBSD

Posted by Hemos on from the hiding-it-together dept.

BSD Forums writes "Bad guys in the movies all keep their wall safes hidden behind paintings. Is there a metaphor in there for your sensitive files? OnLamp's Dru Lavigne explores steganography, or hiding secret messages in images or sounds, with the outguess and steghide utilities on FreeBSD."

7 of 424 comments (clear)

  1. Steg is fairly useful, but it is crackable by j0keralpha · · Score: 4, Insightful

    I use steg sometimes to pass messages i dont want out in plaintext or overtly encrypted, but it has to be passed in such a way that it isnt apparent that a message is there (i.e. email to brother 'See these pics of grandma!'). It is not a foolproof method, but its very useful when you realize you cant trust the encryption itself to hide the message.

  2. Re:The great thing about being disorganized... by Lumpy · · Score: 4, Insightful

    you got modeed funny but this is a very useable and strong way of hiding. Not only files but attacks and most anything else.

    If I upload 500 photos a month to the net Each of them contain something in the photo (results of /dev/random in random lengths) and then I fire off one photo in a group of others that has real information, the chances of it being found or even noticed is lower than having a encrypted file cracked.

    I've seen this used many times and is used in nature by birds and fish...

    a school of 500 fish makes it impossible for a predator to single out one specific fish.

    --
    Do not look at laser with remaining good eye.
  3. Re:No... by johndiii · · Score: 5, Insightful

    The analogy isn't security through obscurity, it's finding a better place than behind the painting to hide the safe. Or, perhaps more accurately, securing one's valuables in something that is not recognizable as a safe. If the burglar had to look at a thousand books to determine if even one of them had a secret compartment, it would be a much more effective security measure than a safe behind a painting.

    If you are using stegged files (they do not have to be images) to communicate with others, then you are hiding the channel. This is a potentially very useful mechanism against automated monitoring tools, particularly if the data is first encrypted. Isolated information in high-volume channels can be very hard to detect. Another use would be to help defeat traffic analysis.

    This is not to say that steganography is a magic means of information hiding. But it is one of the useful tools.

    --
    Floating face-down in a river of regret...and thoughts of you...
  4. Yes, except by Moderation+abuser · · Score: 4, Insightful

    In some countries you can go to prison for using cryptography, in other more enlightened countries you can go to prison for not handing over the keys when asked by the guys in jack boots or for talking about the fact that you've been raided.

    --
    Government of the people, by corporate executives, for corporate profits.
  5. Re:Good stuff, but... by jmv · · Score: 4, Insightful

    Not exactly. As someone suggested, it's possible to encrypt first, but the real advantage is that if done properly, nobody can even prove you sent a message. Even if the interceptor knows the steganography method, unless they have the key, they can't prove the last bits of your wav file is a secret message and not just normal noise from your microphone.

    --
    Opus: the Swiss army knife of audio codec
  6. Re:No... by Ayaress · · Score: 5, Insightful

    Keep in mind that the article said that hiding messages in images is NOT a great way to hide important stuff by itself, but that it could be used as a second layer of security. Lets have four people, shall we? They all run servers, and they all have an important file on there they don't want other people to find. Johnny keeps his file unencrypted and unhidden. Billy keeps his encrypted, but unhidden. Mike hides his in an mp3, but unencrypted. Joe hides his in a jpeg after encrypting it. Johnny's most likely to have his stolen, obviously. But Billy's file is more likely to be found than either Mike or Joe's, even though Mike's has no encryption on the file itself. Even though the person who took Billy's file doesn't have the information in it, finding it it one step closer to stealing it. Now, Mike and Joe are both considerably less likely to have this file found, unless the data theif expects them to hide it in a media file like this. On the off chance that the hacker DOES find the file, though, Mike's is as good as stolen, just like Johnny's. However, Joe is the most secure of the bunch. Not only is his file encrypted, but it's also hidden, meaning it's unlikely that the hacker will even get the encrypted version. They can't crack what they can't find. Even after what Johnny did, he can go furthur. Encrypt his password, hide the text in an image, rename the image to a .dll or .o and hide it in a system directory. Sure, it's not 100% secure, but it's better than leaving even the most secure file laying around.

  7. Re:Is this limited to FreeBSD only? by Rebar · · Score: 5, Insightful

    One facet of data security is deniability. Which would you rather the Department of Homeland Security find on your hard drive:
    /documents/plan_for_world_domination.pgp
    or
    /wallpaper/cute_puppies.png?

    A securely encrypted message, hidden in a file with ostensibly another purpose, such that there is no way to prove the existence of the hidden message would keep anyone from telling you: "Reveal the secret key to this obviously encrypted file, or face contempt of court and an automatic prison sentence."