On 1/25/07, Carl Lowenstein <[EMAIL PROTECTED]> wrote:
On 1/24/07, Bob La Quey <[EMAIL PROTECTED]> wrote: > Steganography has always seemed really neat to me. Here are some > tricks I just ran across. > > ======================================== > > Command line - cat your gif and zip > > Finally, for those of you comfortable on the command line, reader > Jason H. writes in with a nifty stego trick using built-in tools. The > premise of this technique is to append a .zip file to the end of a > .gif file, resulting in a file which is readable by both .gif programs > and .zip programs. > > Jason explains why this works (with the help, he says, from a > long-lost thread at Something Awful): > > It works because .gif files keep all of their information in the > headers, while .zip files keep them in the footer. Since that's the > case, .gif viewers read from the front of the file, while .zip readers > read from the end. > > Here's how to combine your .gif and .zip. > > cat somefile.zip >> somefile.gif > > <boblq> > It turns out that this works with .jpg files as well. Just > > cat somefile.zip >>somefile.jpg > > to retrieve the original somefile: > > unzip somefile.jpg > > I will leave it to the rest of you to find out what > other image formats work this way. > </boblq> > > The problem with this method is that not all zip programs can extract > the resulting file. When I tried, both 7-Zip and Windows built-in > extraction failed, but WinRAR handled it just fine. Still, that's > something the intended recipient should know. > > For double super-duper security, password the zip file that you hide > inside the image.Isn't this just "security by obscurity" which isn't much security at all. It's almost as good as starting your reply with "^begin ". carl
Not to defend this particular toy example but ... Steganography is by definition "security by obscurity", which IMHO has given a bad name by the marketeers of encryption. One of the problems with encryption is that (in most schemes) patterns of communication are open and subject to traffic analysis. Steganography is the science (and there is one) of hiding. Wikipedia is not a bad place for a first cut. http://en.wikipedia.org/wiki/Steganography BobLQ -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
