Carl Lowenstein wrote: > On 1/24/07, Bob La Quey <[EMAIL PROTECTED]> wrote: >> Stegonagraphy has always seemed really neat to me. Here are some >> tricks I just ran across. >> >> ======================================== >> >> Command line - cat your gif and zip >> >> Finally, for those of you comfortable on the command line, reader >> Jason H. writes in with a nifty stego trick using built-in tools. The >> premise of this technique is to append a .zip file to the end of a >> .gif file, resulting in a file which is readable by both .gif programs >> and .zip programs. >> >> Jason explains why this works (with the help, he says, from a >> long-lost thread at Something Awful): >> >> It works because .gif files keep all of their information in the >> headers, while .zip files keep them in the footer. Since that's the >> case, .gif viewers read from the front of the file, while .zip readers >> read from the end. >> >> Here's how to combine your .gif and .zip. >> >> cat somefile.zip >> somefile.gif >> >> <boblq> >> It turns out that this works with .jpg files as well. Just >> >> cat somefile.zip >>somefile.jpg >> >> to retrieve the original somefile: >> >> unzip somefile.jpg >> >> I will leave it to the rest of you to find out what >> other image formats work this way. >> </boblq> >> >> The problem with this method is that not all zip programs can extract >> the resulting file. When I tried, both 7-Zip and Windows built-in >> extraction failed, but WinRAR handled it just fine. Still, that's >> something the intended recipient should know. >> >> For double super-duper security, password the zip file that you hide >> inside the image. > > Isn't this just "security by obscurity" which isn't much security at > all. It's almost as good as starting your reply with "^begin ".
Heh!! Yes, surely the cute trick with zip and image files is not to be taken seriously. Passing the image through some transformation tool drops the zip (oops). Also someone correct me if I remember incorrectly, but zip encryption is considered weak, no? But the problem of secure messaging certainly merits a lot more discussion. Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
