On 26 May 99, at 22:08, Chris M. Lonvick wrote:
> The concept of hiding files within bitmaps follows the general
> rule that the least significant bit of each pixel can be changed
> without any noticable overall change. (You should be able to do
> the same with sound files.)
I used to think this -- and wondered how this would interact with "lossy"
compression methods....
This is not how the example available currently at antionline works.
A .GIF file consists of a table of 256 colour values (the "palette") and
then the indices into this table for each pixel (this latter list is
compressed -- and, of course, there are various header fields as well).
Think of it as a "paint by numbers", where all of the pixels coded "3" will
be rendered in a particular shade of red (or as near as the recipient's
equipment can manage).
The list of colour values in the palette can be permuted; as long as the
pixel indices are shifted to match, there is no change to the actual pixel
colour values when the image is rendered. [Note that the method Chris
describes above involves a slight probably-not-perceptible discolouration of
the image....]
The possible permutations of 255 unique values can be numbered in lexical
order; there are about 2^1600 of them. So examining the table as stored in a
particular file, a program can identify the lexical number of this
permutation, and interpret that as about 200 bytes of encoded information --
which may have been compressed first. This isn't a huge "file", but it's
sufficient to hide a password or an encryption key or some other useful
nugget.
If we knew that all "normal" graphics tools always selected a particular
permutation for the palette (probably lexical number 0), then we might have
some grounds to suspect that concealed messages were present in any .GIF
files using any other ordering of the palette. But I don't think we know
this, and that means that we have no way of suspecting one file more than
another. [If the same message is stored in multiple files, their palettes
may use the permutation with the same lexical numbering. But since the
palettes are likely to consist of different colour values, it is highly
unlikely that any automated pattern-matching system would ever spot this.
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
