I think this is a security model issue. Steganography is useful if there
is some out of band communication ahead of time. If there is no way to
let the receiving party know that he or she will be receiving a hidden
message, and how to retreive it, then steganography isn't useful. Without
the knowledge of where the message is and how to retreive it, the intended
recipient and the attacker are both prevented from reading it. In some
situations, steganography can be usefully employed, but it isn't a panacea
for all secure communication applications.
The 'problem' is not with steganography, but with trying to apply it
outside of a security model that permits it.
On 25 Jan 2000, lcs Mixmaster Remailer wrote:
> > The problem with Steganography is that there's basically no way to
> > clue people in to it's location without clueing everyone into it.
>
> That's not a problem. By definition, successful steganography
> is undetectable even when you know where to look. Otherwise the
> steaganography has failed.
>
> Encryption is successful if the attacker can't find information about the
> plaintext without the key. Ideally, he can't answer questions about the
> plaintext any better with access to the ciphertext than without.
>
> Steganography is successful if the attacker can't distinguish
> message-holding data from ordinary data without the key. Ideally, he
> can't guess whether a message is present any better upon inspecting the
> cover data than he could without being able to see it.
>
> With this model there is no problem in making everyone aware of where to
> look for cover traffic with stego data in it.
>
>
