Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Calculate Capacity of a Steganographic Channel

Posted by timothy on from the intentionally-not-left-blank dept.

KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

80 of 114 comments (clear)

  1. counter-intuitive results? by ccguy · · Score: 4, Funny

    The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity

    How is that counter-intuitive? Many of us regularly backup our stuff here in slashdot, and no one has complained so far (which, being the slashdot crowd what it is, is definite proof that no one has noticed).

    In fact, a port of gmail drive to slashdot is already in beta.

    1. Re:counter-intuitive results? by russotto · · Score: 1

      It's not counter-intuitive at all that adding noise to a channel can increase its steganographic capacity, since steganographic data can look like noise.

    2. Re:counter-intuitive results? by ccguy · · Score: 1, Insightful

      That's what I'm saying.

      Slashdot. Noise and redundancy. Backup for nerds.

    3. Re:counter-intuitive results? by Anonymous Coward · · Score: 2, Funny

      Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Maecenas non felis. Cras in ligula in odio pellentesque vehicula. Aliquam metus nulla, venenatis sit amet, feugiat nec, pharetra ut, justo. Fusce tincidunt, massa eu iaculis iaculis, lacus nisi ullamcorper orci, ac sodales arcu massa at urna. Ut mattis nulla interdum urna. Praesent consequat. Fusce pede diam, pretium tempor, egestas eget, rhoncus in, sem. Sed semper. Nam in lorem sed nisl blandit commodo. Donec tempus, eros vel fermentum dictum, nibh sem imperdiet arcu, quis porttitor pede mauris eu mi. Aenean eu dui nec ligula dapibus aliquam. Integer eget libero nec velit pellentesque facilisis. Pellentesque diam sapien, auctor sit amet, mollis et, condimentum quis, nisi. Proin in libero nec nulla suscipit varius. Vestibulum facilisis enim sed magna semper tempus. Aliquam posuere. Fusce suscipit ante at nulla tincidunt fringilla. Aliquam fringilla dui eget ante. Ut rhoncus tortor nec pede.

      Aenean posuere. Suspendisse vehicula ornare lectus. Aliquam eros sem, iaculis id, consequat eu, varius ac, elit. Sed feugiat pretium est. Vivamus tellus elit, convallis et, pulvinar vitae, egestas id, justo. Vivamus id dui. Donec lacus. Phasellus placerat pharetra felis. Donec sed pede in lacus pretium porta. Maecenas semper imperdiet est. Mauris varius. Lorem ipsum dolor sit amet, consectetuer adipiscing elit.

    4. Re:counter-intuitive results? by DarthJohn · · Score: 3, Insightful

      That's not what it says (somebody fixed a typo in the summary?).

      in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel

      More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

    5. Re:counter-intuitive results? by russotto · · Score: 1
      It says both:

      The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity and in some cases, mounting two attacks on a channel instead of one can do the same)

      I find the second counterintuitive, but the first not so. Perhaps the article-writers intended for the first to be "interesting" and the second "counter-intuitive", but to be fair to the summary-writer, it's not that clear.

    6. Re:counter-intuitive results? by Anonymous Coward · · Score: 2, Funny

      Is that what they mean? It's very counterintuitive if so.

      I read it to mean that if the user (rather than the interceptor) uses various algorithms to store data he can store more data, which is not counter-intuitive at all.

      Bugger, we're going to have to RTFA.

    7. Re:counter-intuitive results? by Golddess · · Score: 1

      More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

      Not more people, different people. IE, say you've got a channel with two sets of hidden data intermingled with each other. One algorithm will decode the one set, while a second algorithm decodes the second.

      At least that's how it sounded to me.

      --
      "I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
    8. Re:counter-intuitive results? by danielpauldavis · · Score: 1

      "Steganography" sounds like what God did with the Bible, leaving various messages "encoded" in the text of Scripture. The method of having only those the message is intended for find it is ironically simple: those who don't credit the Bible for reliability won't look for them in the first place. Those who do, will study the Bible and incidentally find them in that study.

      --
      Cranky educator.
  2. Need for steganography by CRCulver · · Score: 4, Interesting

    Around the turn of the millennium steganography became a big topic, the idea being that using PGP would only draw attention from the authorities. In my Amazon review of Schneier's Applied Cryptography I even complained that Bruce didn't talk about how to hide even the use of crypto.

    But now that SSL is everywhere and the use of encrypted VPNs is a typical part of telecommuting, I don't think cryptography suggests the same anti-authoritarian counter-culture rumblings it used to. Do we need to hide crypto anymore?

    1. Re:Need for steganography by zappepcs · · Score: 4, Interesting

      Well, there may not be a pressing public need to hide cryptography usage, but if you want your data secure from prying eyes, additional measures are a good idea. Blue-Ray just got hacked (again) and it was supposed to be valid security for a decade... right?

      If what you encrypt with can be broken by others, then it is not doing the intended job. If you use PGP, and the decrypted message between you and another trusted user is encrypted already, the likelihood of your message being decoded is substantially less.

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

      Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

      Both the PGP and this encryption (or another) can be decoded quickly on the fly. It's possible that those pesky 'terrorists' could be using v1 aGr4 spam to send messages.

      --
      Support NYCountryLawyer RIAA vs People
    2. Re:Need for steganography by Ngarrang · · Score: 5, Insightful

      Do we need to hide crypto anymore?

      Yes. There are many places in this world where freedom of information is oppressed. Having a method of communicating in the clear without raising any red flags is a Good Thing(tm).

      For example, let's say you are an evil political dissident in China, trying to spread ideas of democracy and capitalism. If you send an encrypted message to your corrupt imperialist American ally, that seems suspicious. If you have nothing to hide, then why are you hiding it?

      But, if you can send your friend a message about how you are growing corn in relatively poor conditions and how great the local government has been in supporting the effort...with a stego message hidden inside, then that is probably going to slip right through.

      The best way to not get caught is to look like there is nothing to catch.

      --
      Bearded Dragon
    3. Re:Need for steganography by lysergic.acid · · Score: 2, Interesting

      "ordinary" people don't, and never really have. but there will always be people who need to transfer information undetected--spies, for instance.

      if you're an undercover law enforcement agent, you could communicate with your agency without blowing the risk of blowing your cover by using steganography; likewise for whistleblowers who need to get information out of an organization with tight security. steganography would also be useful during wartime when cryptography isn't an option, or isn't enough.

      i'm sure there are probably much more mundane uses for steganography as well, but you get the idea.

    4. Re:Need for steganography by Vellmont · · Score: 1


      Do we need to hide crypto anymore?

      Even the strongest crypto implementation and algorithm is still subject to Rubber Host Crypt-analysis, or even "court ordered cryptanalysis". In those cases stego would have some protection against these techniques.

      --
      AccountKiller
    5. Re:Need for steganography by Ginger+Unicorn · · Score: 1

      Rubber Host

      is that some kind of dominatrix that holds swinger's parties or something?

      --
      (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
    6. Re:Need for steganography by Ironsides · · Score: 3, Insightful

      Bluray is not a good counterpoint. Bluray is not designed to keep the contents from being read by anyone but the 'appropriate person', it is designed to keep anyone from copying it. However, it still meeds to be readable in the player. As such, it is like trying to keep someone from photocopying something while they still need to be able to read/view it. In encryption, you don't care if the 'appropriate person' copy it, you just don't want anyone else to be able to view it.

      --
      Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
    7. Re:Need for steganography by zappepcs · · Score: 2, Interesting

      While that is all true, I mentioned Blue-ray only because it was supposed to be tough encryption to break. "Supposed to be" is the key part of that sentence, and it demonstrates how fragile simple encryption really is.

      While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different. There are algorithms that can determine much of what you wrote by looking at repeating characters. Length of words etc. making ROT13 style easy to decode. It also makes the cadence or meter of your normal words decipherable. So, if a cracker can figure out PGP, even guessing brute force at the private key, there are many techniques that help them. If your text is encoded twice, those added techniques are of arguably little value.

      --
      Support NYCountryLawyer RIAA vs People
    8. Re:Need for steganography by blueskies · · Score: 1, Insightful

      You really think McPalin is going to get elected?

    9. Re:Need for steganography by Anonymous Coward · · Score: 1

      China is capitalist. Get your facts straight. It is very very capitalist. It just happens to be run by the new gen Communist Party, which allows capitalism.

    10. Re:Need for steganography by Sancho · · Score: 2, Insightful

      What was broken was not encryption. It's a form of DRM which did not rely on encryption.

      BD+ (the DRM component which they claimed would last for 10 years) is a virtual machine on which a disc can run arbitrary code. The disc can run this code to try to guess at the authenticity of the player in which it is being played. The idea is that if a player has been tampered with, it can be detected by the disc. It also means that as new attacks on players become possible, it's possible to update the checks that the disc uses BD+ to perform. If the player doesn't pass the check, the disc refuses to play.

      Surprise, surprise, it was possible to reverse engineer the virtual machine, and now unauthorized players can run the code and tamper with the results.

      So this is both a poor example of how fragile encryption can be (it's not encryption) and a bad example of keeping data from prying eyes (as the other guy pointed out, Blu-ray is designed to be viewed.)

      Worse:

      While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different.

      Known-plaintext attacks are an understood phenomenon, and encryption algorithms are designed to thwart them. Blu-ray encryption uses AES, which is believed to be secure from this sort of attack.

    11. Re:Need for steganography by SpurtyBurger · · Score: 1

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate

      Looks like the spam I get just about every day! The only thing missing is the cheap c14L15 ;)

    12. Re:Need for steganography by Anonymous Coward · · Score: 1, Funny

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

      "In short, I think you are wrong, but it's your problem."

    13. Re:Need for steganography by DingerX · · Score: 2, Informative

      Don't disrespect it. In fact, steganography has had many many uses over the years. Naming just one case, steganography is the ultima ratio of intellectual property protection. Gulliver's Travels, for example, was published pseudonymously and "signed" steganographically. Even better, it was signed at least two ways, one using a "Soft" method, the other a "Hard" one. Right on the first page, Gulliver states: "Soon after my return from Leyden, I was recommended by my good master, Mr. Bates, to be surgeon to the Swallow." Evidently, Swallow is a synonym for "Swift", and the onanistic gag is thrown in for good measure. That's the one you're supposed to catch. Really fun, however, is the incipit: "My father had a small estate in Nottinghamshire: I was the third of five sons."

      I was the third of five sons: Cross out the third and fifth words, and the first letters of the remaining words form an anagram for "swift".

      Numerous other cases abound. I'm sure many of us have little coding tricks in which we "sign" our names. A watermark on a jpeg is nice, but it's even nicer if the guy who's going to swipe your images doesn't even know they're signed.

      Sometimes it helps to publish something anonymously; at other times, you might have a legitimate worry about your work being appropriated. In those cases, steganography has always been a savior.

    14. Re:Need for steganography by DerekLyons · · Score: 1

      If what you encrypt with can be broken by others, then it is not doing the intended job.

        WRONG.
       
      Cryptography only needs to be strong enough to protect the encoded contents for as long as said contents retain value. It does not need to remain unbroken forever.
       

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.
       
      Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

      Wrong again - if it is worth the time of those attempting to decrypt your initial message, then it is worth their time to break the second layer.

    15. Re:Need for steganography by zappepcs · · Score: 1

      Indeed, and that is a short, simply encoded message with easily discernible rules, if you know English and have a dictionary (in your head or otherwise).

      It can be much more complex but stay with simple rules, and without much effort it can make any message encrypted with PGP or whatever look like and be an encrypted message when the first decryption is complete. In fact, it might make no sense at all without having received the previous message, or perhaps not until you receive the next, or until your software scans the most recent page found when searching /. for the text in the 7th sentence.

      What amazed me lately is when a social web site was named as possibly being used by 'terrorists'. Fsck, all websites could be used by terrorists to pass messages. Fox news could be used to pass messages. It's all in how you encrypt etc. When you don't have to rely on a fixed key (public or otherwise) the encryption becomes much stronger. Encrypting with a public encoding scheme after doing so with a private one of a random nature will ensure a much better security of data. Yes, this can be used on publicly stored data, as part of emails or files on Google services etc. You can encrypt messages into graphics files, or MP3 files. Or store the secondary key in such publicly available files. Straight forward encryption will get broken.

      Yes, what I'm saying will take a bit extra time/effort, but when the prying eyes of the government are having to break 114 million different codes, all of which could be as strong as 256bit encryption, gathering everyone's packets becomes a bit of a nightmare. Stenographic encryption, or hiding the message in plain site is a good way to keep it safe. It's also easy to implement forms of it:

          2 4 40 15 57 110 23 61 115 39 96 55 77 53

      Another simple one there. That is what you would have after PGP decodes with the private key. Now additional code will render this to standard text.

      --
      Support NYCountryLawyer RIAA vs People
    16. Re:Need for steganography by billcopc · · Score: 1

      That entirely depends on how you define right vs wrong.

      If something is disliked or unfavorable to the wealthy minority "wrong" ?

      Is doing something because everyone else doing it "right" ?

      The answer to both those questions should be: "Who cares!?" Right and wrong should be a personal thing. You don't like what someone else does ? Ok, your problem!

      --
      -Billco, Fnarg.com
    17. Re:Need for steganography by RulerOf · · Score: 1

      While that's interesting, how did you come to that conclusion?

      --
      Boot Windows, Linux, and ESX over the network for free.
    18. Re:Need for steganography by element-o.p. · · Score: 1

      "ordinary" people don't [need steganography], and never really have.

      You're on acid (sorry, couldn't resist).

      "Ordinary" people *do* have a need for encryption and even steganography. I don't particularly want the government, my employer, or anyone else for that matter to know the private details of my life. They don't need to know what medications I take, for what conditions, what my personal finances are, etc. Suppose I am out of town on a trip, and I need to use a credit card that I left at home. Should I have my wife e-mail the number, the expiration date and the CCV code in the clear?

      When dealing with their own security, the government calls this "need to know." Other people don't need to know these details of my life, and therefore it is reasonable that I encrypt or hide these details in steganography when I use an insecure channel (like the Internet).

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    19. Re:Need for steganography by AttillaTheNun · · Score: 1
      Of course, you have to pick your carrier carefully or you will still raise suspicion.

      For example, it's obvious that any television show hosted by Bob Saget is nothing more than a carrier for stenographic communication between earth and our intergalactic overlords.

      Don't try to convince me that Full House and America's Funniest Home Videos survive on merit of ratings alone.

    20. Re:Need for steganography by lysergic.acid · · Score: 1

      um, read the post i was replying to. i never said normal people don't need cryptography. i was responding to the comment that there's no longer a need for steganography anymore just because encryption is commonplace.

      also, you gave no examples of when an ordinary person would need steganography instead of encryption.

    21. Re:Need for steganography by blueskies · · Score: 1

      Each new piece of legislation is another right we may never see again. Last time I checked, Obama didn't promise to veto every bill that fails to repeal a previous law.

      You are absolutely correct. Obama also didn't promise to fight for the rights of reindeer or promise to bring world peace.

      I hope you are confused as I am, because none of those things have anything to do with socialism--just like your post (although your sentence construction makes me think you are Palin *wink*)

    22. Re:Need for steganography by Whiteox · · Score: 1

      When was that discovered?
      Strangely (although typically), I did a thesis on Gulliver's Travels pointing out the various attacks on Newton and his physics. This was an historical work.
      At the same time, I modified a subset of it and turned it in as an English Lit. paper. Neither disciplines saw eye-to-eye on the same content!
      I was a bit bemused at the time and realised that truth and objectivity doesn't exist as far as historians and English literature are concerned.
      In my research (mid 1970's), I had never come across the steganographical aspect of Dean Swift's work(s). So I'm intrigued about your sources and knowledge about him.

      --
      Don't be apathetic. Procrastinate!
    23. Re:Need for steganography by complete+loony · · Score: 1

      ... which did not rely on encryption

      Yes, and no. Some of those "traps" that the BDVM code can call are cryptography methods. However the encryption keys used will either be generated by the BDVM code, or are already known from the AACS system.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    24. Re:Need for steganography by AmberBlackCat · · Score: 1

      The people, who really need cryptography, basically need the rest of us to use it even though we don't need it, so we will become the noise that keeps them from standing out.

    25. Re:Need for steganography by DingerX · · Score: 1

      I've got no idea. As an undergraduate, I took a bunch of courses with a crazed philologist (long before I realized that all philologists are crazed, and that I must bury somewhere in the apparatus the note that I am an historian), and he'd spout out random "facts," most of which I found out later were false. But Swift worked pretty well, and I have no idea where he picked that one out. He followed it up with one that claimed that if you take the opening of Lazarillo de Tormes and play acrostic with the first lines, you can bring out the name of Hurtado de Mendoza. I wasn't convinced by that one then.

    26. Re:Need for steganography by soliptic · · Score: 1

      Well it mostly looks like he mostly uses the first and last letter of each word, or the whole word if it's 3 letters. But I haven't figured out what goes on with "young" etc?

    27. Re:Need for steganography by Thaelon · · Score: 1

      The best way to not get caught is to look like there is nothing to catch.

      No, the best way to not get caught is to convince those watching you belong.

      --

      Question everything

    28. Re:Need for steganography by element-o.p. · · Score: 1

      'Kay...how about this: having data encrypted implies that there is something about the data that the originator doesn't want others to see. Curiosity causes others to want to know what exactly is so secret. Or perhaps, a script-kiddie wants to crack the data, just to see if he can. Or, in a more Orwellian vein, the NSA decides to crack the encryption because 1) "if you are encrypting you obviously have something to hide", or 2) just for practice.

      By hiding the data in your vacation pictures with steganography, no one even bothers to look.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
  3. Google is the perfect example by NotQuiteReal · · Score: 4, Insightful

    hiding a message in such a way that only the sender and receiver realize it is there

    I ignore lots of ads served up by them. They might as well not be there, I can't name one.

    --
    This issue is a bit more complicated than you think.
  4. Were's Waldo's message? by Ostracus · · Score: 2, Informative

    "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) "

    There's a secret message in this post. Can anyone find it?

    --
    Shai Schticks:"You don't make peace with friends, you make peace with enemies"
    1. Re:Were's Waldo's message? by Anonymous Coward · · Score: 5, Funny

      stegan O graphy i S T he a R t of hiding A message in su C h a way that only the sender and receiver realize it is there. (by contrast, cryptography disg U i S es the content of a message but makes no attempt to h I de it.)

      there' S a secret messa G e in this post. c A n an Y one find it?

    2. Re:Were's Waldo's message? by taucross · · Score: 1

      Your and idiot :/

      --
      "In the absence of the ability to establish the attribute of truth they tried to establish the noble attributes."
  5. Already in use by xmarkd400x · · Score: 5, Funny

    In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract).

    When my girlfriend is talking on the phone, I am almost never aware that a message is being sent. She is so effective, in fact, that often when I am the intended recipient I am not aware that a message is being sent!

    1. Re:Already in use by ceoyoyo · · Score: 3, Insightful

      That's the part about noise increasing the capacity of a cryptographic channel.

    2. Re:Already in use by jsalbre · · Score: 1

      See? She's so good at you you can't even tell she's there!

      --
      Jeremy http://alucinari.net
  6. stego vs crypto vs compression by Anonymous Coward · · Score: 1, Interesting

    "for example, adding noise to channel can increase its steganographic capacity and in some cases, mounting two attacks on a channel instead of one can do the same)."

    Umm. Duh.

    Crypto and compressed data both tend to look like white noise. That makes them ideal stego candidates. When the data itself has a uniform distribution, it's really hard to to spot. It gets even harder if you apply a one time pad of random low-order bits to the stego medium and then modulate your signal in those bits. Thus, the actual channel capacity is nearly identical to the bitrate of the low order pre-wash bits. QED. No fancy assumptions needed.

    p.s. Nabalzbhf Pbjneq sbe Cerfvqrag!

  7. Abstract misinterpreted the paper. by argent · · Score: 3, Insightful

    Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

    That's not what the paper claims. It claims that when there are multiple detectors, adding noise to the channel between the two detectors can increase the available bandwidth. This isn't really all that counter-intuitive when you think about it.

    1. Re:Abstract misinterpreted the paper. by argent · · Score: 1

      When you boil everything down, nothing is counter-intuitive

      Except quantum physics, voting paradoxes, and why the guy in the car in front of you doesn't close the gap in front of him before... oh god, there he goes again, let some jerk driving down the breakdown lane sneak in front of him. I tell you, some people...

    2. Re:Abstract misinterpreted the paper. by Onymous+Coward · · Score: 1

      And on page 8 of the arXiv PDF, "Composite steganalyzers", it says explicitly that the capacity of the composite channel (using multiple steganalyzers) is less than that of channels using any one of the analyzers alone.

      KFC at the arXiv blog got it wrong and the /. eds passed it on.

      Maybe there's a hidden message in the mistake?

      Probably not.

    3. Re:Abstract misinterpreted the paper. by argent · · Score: 1

      You're in a balloon.

  8. Stenography FTW by yttrstein · · Score: 3, Interesting

    I've always had a warm spot for stenography, and it's actually much handier for certain types of communications than others. For example, in the two nights preceeding the last Democratic National Convention that was held in Chicago (1996), a subversive media organization, armed with clunky digital cameras and a T-1 on the south side donated by the Teamsters photographed and filmed more than a hundred instances of police brutality, uploading them to the web with about a 30 minute delay.

    You had to actually drive downtown to where the T-1 terminated to upload things in those days, see.

    But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography. It went like this:

    I have a number, that number is 356-32395510. I tell you that number. Then I take an image file and UUencode it. (for those who don't remember what that does, it's great for turning a binary file into a flat text file without losing any data). Then I take the message that I want to give you and drop it manually into the UUencoded file, like this:

    Every third character on every second line starting from line 910, (the third, fifth and sixth digits of the are decoys) counting whitespace. The numbers always changed and had to be memorized when received as they were never written down. Everything to the left of the dash tells you what digits to the right of the dash are decoys. Use the number to find the characters and you have the message. Pull them out and you can UUdecode your picture again and look at it. Leave them in and the file looks merely corrupt. Email the stenographed file to the recipient who's memorized your number and there you have it.

    The upside to this method is plausible deniability. If the fuzz finds a corrupt file called "FATLADYSEXHAHA.uue" on your computer, they have nothing. However, if they find a PGP file that you refuse to open for them, there can be issues.

    Of course it's possible to break that kind of thing, but the point of stenography is that the man does not know it's a message of any kind, let alone a radical one all about how awesome cuba is.

    1. Re:Stenography FTW by zindorsky · · Score: 4, Informative

      I've always had a warm spot for stenography

      ...

      But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography.

      ...

      Of course it's possible to break that kind of thing, but the point of stenography

      So you hid your messages with stenography? The action of process of writing in shorthand or taking dictation? This word you keep using ... I do not think it means what you think it means.

      --
      If the geiger counter does not click, the coffee, she is not thick.
    2. Re:Stenography FTW by yttrstein · · Score: 1

      I don't think I deserve that down-mod along with "zindorsky's" judgment here.

      Let me explain.

      This "zindorsky" person decided to pass no judgment or comment on the content of the post itself, but only stopped to correct my spelling and word usage, implying that not only was he already privy to the information contained in the post, but also that I'd misspelled the word in question--or more probably that I didn't know what the word was to begin with.

      So this next part is for you, "zindorsky":

      I have an agraphia aphemia, more precisely a Wernicke aphasia in morbid coupling with an ideomotor apraxia as a result of a brain injury some years ago. The result is interesting and bizarre---while I'm capable of typing well in excess of 120wpm on a low-travel keyboard, there are some words which are not accessible to my mind in written form. That means that I am capable of thinking of the word in my head, I can say it to myself, but I cannot imagine it spelled with letters at all, and I cannot even begin to type it. However, I've trained myself to cope with this minor issue by using very similar words and hope that context does the rest. And for about five years, up until now actually, it has.

      You'll notice a few consistently wrong words in many of my posts---but which are phonetically close to the inaccessible word. You'll also see inexplicably missing words in many of my posts, which happens when I end my frustration by picking up typing speed. If I don't have a word ready to go at 120wpm or more, no word gets used in its place. The sentence goes on without it.

      So, "zindorsky", do try to understand that sometimes it isn't so much that you have a superior intellect, but that you don't have enough information.

    3. Re:Stenography FTW by yttrstein · · Score: 1

      You're fired, Thomas. You know the drill. You have 300 seconds to say your goodbyes and bitch about how evil I am to fire you via Slashdot reply.

      But hell, it's not like it's got a better use these days.

    4. Re:Stenography FTW by yttrstein · · Score: 1

      Why don't you furnish me with your identity and email address and we can discuss the issue, if you're actually interested and not just being a jerk.

  9. How much info can you hide in a scientific paper? by petes_PoV · · Score: 3, Insightful
    Well, I've read the published paper, and I still don't have a clue what the answer is. I suppose hoping for a cut and dried figure like "1%" was too optimistic, afterall.

    If there's going to be a practical use for this (and the conclusions don't say they've calculated "the answer", just that they've developed a framework, gaaah!) then my gut tells me that the answer is "not very much" - somehwere around the rounding-errors of the encoding mechanism.

    So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  10. A little, to the majority of the file size. by DarthStrydre · · Score: 1

    Anywhere between 0 and a bit less than 700MB of data, depending on desired quality of video. A one frame video stream with an unrecognized FOURCC tag as an alternate stream is valid AVI - the alternate stream is ignored by players, and can contain encrypted data. It is 'invisible' to non-uber users, and could concievably be an "experimental audio codec" for plausable deniability.

  11. Re:How much info can you hide in a scientific pape by kamochan · · Score: 2, Funny

    So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

    700 MB, if you do it in the dark.

  12. Steganography?? Whaddya know... by Binge · · Score: 3, Funny

    I always thought Steganography was the act of writing on large, plate-backed dinosaurs. Ya learn something new every day here!

    --
    http://photobombers.com/ Funny pix
  13. Sorry try again by shadow_slicer · · Score: 2, Informative

    That's not steganography. That's encryption, and a crappy one at that. If you take your PGP file (and remove any unnecessary header stuff), it will also look like a corrupt file, just like your UUencoded image. Steganography is hiding some data inside something else, like hiding a message in an image. For example, the police see an image of kittens, but you hid your child porn in the LSBs of the image, they can't see it.

    1. Re:Sorry try again by yttrstein · · Score: 1

      Encryption is the following:

      "encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge"

      What I'm talking about is the following:

      The art and science of writing hidden messages in such a way that no-one apart from the sender and intended recipient even realizes there is a hidden message.

      What I described is *precisely* correct under definition. Let me be more clear, using the example I used to offer students:

      One is a process of conversion, the other is a process of obfuscation.

      Combining the two is of course beyond the scope of this post, but is also an incredibly interesting discipline in itself.

    2. Re:Sorry try again by Whiteox · · Score: 1

      There are other forms of hidden text or more correctly, 'meanings'.
      One that comes to mind is the Pesher technique which is used to re-interpret holy texts.
      The other is termed 'Legominism' also gnostic, as described by Gurdjieff who showed that missing or incorrectly ordered information, compared to correctly orderd information can also pass on meaning. That using a 'mask'.
      For example as there are 7 days in the week - SMTWTF, and if the message reads SMTTWTFS then a message has passed on.
      Legominisms can be part of architecture, statues, inscriptions, carpets, musical notation, dances and so on.
      Both these techniques are very old and most have not been decoded yet.

      --
      Don't be apathetic. Procrastinate!
    3. Re:Sorry try again by shadow_slicer · · Score: 1

      I just fail to see how having a slightly corrupt uuencoded file is the same as not having a file. In the case of an encrypted file, you also have a file that appears corrupt. And it is obvious to everyone that there is a message (the file), even if they can't decode it. I'm sorry I just fail to see how the scheme you proposed could be considered stenography.

  14. ducks? by SilentResistance · · Score: 1

    Kaylee: Although I'm getting some weird chatter on the the official two-six-two. Sounds like they're talking about... ducks?

  15. Re:How much info can you hide in a scientific pape by marcosdumay · · Score: 1

    "So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?"

    No idea, but it is probably a lot less than you can stuff undetectably on a 700MB WAV file ;)

    You can hide as much data as there is noise on your file (granted it is compressed and cryptographed), so when you record that WAV file, be sure to do that in a noisy anvironment. By the way, I didn't RTFA, to see what those people really discovered (obviously, not what the sumary say they did), I'm here to see if it is worth it.

    --
    Rethinking email
  16. Re:Steganography/Cryptography by kj_in_ottawa · · Score: 1

    I think the email you are about to receive inviting you for a walk in the woods, may have a hidden message in it.

  17. Yes - Stenography by NotQuiteReal · · Score: 1

    My mom used to hide notes from the rest of the family, in plain sight, using short hand.

    She was a secretary, back in the day. When you saw some scribbling on a note, you knew it was the chrismas shopping list or something, but who the hell knows what it said - even if you had a copy of Gregg's you'd be hard pressed to figure it out, unless you really wanted to spoil the surprise.

    --
    This issue is a bit more complicated than you think.
  18. Hiding in a JPEG ... by PPH · · Score: 2, Funny

    ... of Pamela Anderson. There appears to be quite a bit of excess capacity available.

    --
    Have gnu, will travel.
  19. Too many unknowns by bokmann · · Score: 2, Funny

    Calculating this with any accuracy would require knowledge of both the width of a Stegasaur (which can be approximated from their fossils), but also how fast they ran. Given other arguments about the unknowns of dinosaurs, the figures we can guesstimate for their speed are just to varied to calculate this capacity to any meaningful value.

  20. How to answer "if you're hiding something ..." by JetScootr · · Score: 2, Insightful

    The cop says, "If you're doing nothing wrong, you have nothing to hide."
    Answer: "Why are you wearing clothes? Got something to hide?"

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
    1. Re:How to answer "if you're hiding something ..." by Katatsumuri · · Score: 2, Funny

      It is generally a bad idea to play a smartass in front of a cop on duty.

      In a friendly debate with a moderately drunk chick in the bar, that may be appropriate.

    2. Re:How to answer "if you're hiding something ..." by mdmkolbe · · Score: 1

      Answer: "If you have no reason to suspect I have something to hide, why do you insist on prying?"

  21. Re: mods on crack by MrMr · · Score: 1

    Sorry, but I mod subsequent anonymous posts to -1 or 0 to encode my secret messages.

  22. Simple by TheSync · · Score: 2, Funny

    The The secure capacity C (W, g, A) of a stego-channel give W [noise], g [steganalyzer], and A [attack] is given by C (W, g, A) = sup I(X;Z) for X an element of S0.

    I is the spectral inf-mutual information rate for the pair of general sequences.

    Z is the stego channel after encoding, noise, and attack (before decoding).

    S0 is the secure input set, the set of encoded data that remains impossible to steganalyze after the addition of noise (but not necessarily attack).

    I think mathematicians like to make their papers overly complex.

  23. Re:How much info can you hide in a scientific pape by temcat · · Score: 1

    Well, I've read the published paper, and I still don't have a clue what the answer is.

    That's steganography at work! The answer is hidden.

  24. Knitting code by CustomDesigned · · Score: 1

    In Sorcery and Cecelia (or maybe it started in the sequel), the heroines knit fashionable items for each other, and code the message in the pattern of knits and purls.

  25. Messages that aren't really there by CustomDesigned · · Score: 2, Insightful

    Sometimes people think there is a steganographic message, when there isn't. The Bible Codes are an example. The idea is that God hid secret messages in the Bible which are revealed by equidistant letter spacing. Never mind that such "messages" can be found by ELS in any sufficient large work. Practitioners never seem to find the messages until after they become relevant...

    1. Re:Messages that aren't really there by mikael · · Score: 1

      Those were skip codes. You take a massive large block of text, then set your encoded message to be a particular starting offset from within this text, skip distance (or stride) between characters, and the length of the message.

      From these three values (starting offset skip distance, length) you could extract a message.

      I always wondered whether you could encode/extract an mp3 file from a suitably large ISO file (eg. Linux DVD ISO file) by defining a list of such messages.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  26. That's not a typo! by RMH101 · · Score: 1

    It's part of a hidden, encrypted data stream!

  27. Re:this is useful for the election today by srussia · · Score: 1

    Actually, TFA is a steganographic message to the Manchurian candidate.

    --
    Set your phasers on "funky"!