At 07:20 PM 01/25/2000 -0000, lcs Mixmaster Remailer wrote:
>Steganography is successful if the attacker can't distinguish
>message-holding data from ordinary data without the key. Ideally, he
>can't guess whether a message is present any better upon inspecting the
>cover data than he could without being able to see it.
>
>With this model there is no problem in making everyone aware of where to
>look for cover traffic with stego data in it.
Has anyone actually built a steganographic system that has achieved this?
The basic notion of stego is that one replaces 'noise' in a document with
the stego'ed information. Thus, a 'good' stego system must use a crypto
strategy whose statistical properties mimic the noise properties of the
carrying document. Our favorite off the shelf crypto algorithms do *not*
have this property -- they are designed to generate output that looks
statistically random. So, can't we detect the presence of stego'ed data by
looking for 'noise' in the document that's *too* random?
For example, many stego implementations involve embedding data in the low
order bits of a graphical image. Those low order bits undoubtedly have some
measurably non-random statistical properties. Once we replace those bits
with data, the bits will have serously random statistical properties. So,
we can detect stego'ed data if the implementation uses any well known
strong encryption algorithm.
I wonder if stego users will have to choose between uncrackable encryption
or undetectable data.
Rick.
[EMAIL PROTECTED]
