Secret Data: Steganography v Steganalysis
gManZboy writes "Two researchers in China has taken a look at the steganography vs. steganalysis arms race. Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."
I think this is the way of the future with regards to encryption. You cant crack what you cant find.
I tinkered with this for a while. Start up gnucleus, do a search for *.jpg, and grab a bunch of files to scan. Not surprisingly, many of the images were porn (it's for research purposes, I swear!)
The biggest problems were 1. most (actually, all) of the images that came back as good candidates for having embedded images came back as false positives and 2. lack of a brute-force steg break utility.
number 2 is probably a result of poor searching on my part, but I honestly couldn't find a recent, (and free) tool that would do a brute force crack on embedded images. At the time (a few months back) I was using stegbreak and stegdetect.
So, is there anything better? anyone else have any luck?
There are some people that if they don't know, you can't tell 'em.
I can certainly see the use in espionage, hiding the real message in the static, as it were (Didn't a Tom Clancy book use this plot device? I think the message was sent in the connect noises for the modem). And NS's Baroque Cycle had some interesting steganographic bits in it (excessively long and boring letters about the nobility's obsession with fashion hiding an encrypted message for all to see). But on a day to day basis, I doubt this will affect most people.
Do not touch -Willie
The suggestion is that if data is being hidden in the LSB of a photo then you can use statistical analysis to spot this anomoly.
The problem here seems to be that if you were to compress your hidden data prior to hiding it, then the data inserted would appear random and should thwart statistical analysis. You'd need some redundancy there if you intent to jpeg compress the image, but it might work.
I've toyed with the idea of hiding data in the vectors used in a mpeg file. Exploiting the nature of the compression algorithm rather than the source data.
actually this is a really good thing. not just on slashdot, but on other sites where you can search the documents for key words.
Heck, post as ac with a unique subject and post encrypted (gpg) ascii in multiple parts. the data will be here still next year or five (plausible) and you can retrieve it, and decrypt (assuming you have the public key or password if it's symmetric
You can actually say a lot in plaintext without actually saying openly what you mean. Aleister Crowley was a master at this. The way this works is you talk directly to those who know the context in which you are speaking and it all just looks like mere verbiage to anyone not familiar with your topic. Or you refer to your predicates in such a way that the casual observer can't tell what your final conclusion refers to. This is not steganography per se, but goes to the origins of the concept. I have done this myself and it allows you to say things you wouldn't dare say outright for fear of retribution from certain third parties.
"Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."