Catching up on the thread, the comments about fitting the stego into the
image reminded me of http://www.outguess.org/ by Niels Provos. Looks like
he's a few months ahead of you
Marc Horowitz wrote:
>
> Rick Smith <[EMAIL PROTECTED]> writes:
>
> >> Thus, a 'good' stego system must use a
Arnold G. Reinhold writes:
> Closely matching the statistical properties of a physical device
> could be difficult.
Unless you xor'ed them with a different, published sample from the
same device. white x color1 = color2. But again, which sample you're
using has to be a computationally diffic
At 12:12 AM 01/27/2000 +, Ben Laurie wrote:
>I can't quite see the point of forward stego.
I'll leave it to Russ to explain his application if he wants to.
> Why not publish something
>public key encrypted and publish the private key later?
Symmetric cryptography has two advantages in this
In message <[EMAIL PROTECTED]>, Marc Horowitz writes:
>
> >> In short, is steganography the ultimate surveillance tool?
>
> Like most surveillance technologies, this is a game of constant
> incremental improvements. You watch me through a window, I put up
> curtains. You listen through a hidd
> question becomes, without identifying the location of the ciphertext in a
> prior agreement or on some outside channel, can a person communicate with
> friends without alerting enemies to the existance of secret communications?
In this case you are entering the realm of psychology. There may be
On Tue, Jan 25, 2000 at 04:51:12PM -0800, Nelson Minar wrote:
> Of course, this isn't easy to do - "matching statistical properties"
> isn't a simple closed problem. But I bet you could do fairly well in
> certain circumstances. For instance, Linux uses a strong random number
> when starting a TCP
>Sometimes it's important to hide the fact that a secret message exists. A
>good guy in enemy territory may wish to communicate with friends outside.
>Discovery of the ciphertext would alert the enemy to his presence. So the
>question becomes, without identifying the location of the ciphertext i
At 1:34 AM -0500 1/26/2000, Marc Horowitz wrote:
>Rick Smith <[EMAIL PROTECTED]> writes:
>
>>> The basic notion of stego is that one replaces 'noise' in a document with
>>> the stego'ed information. Thus, a 'good' stego system must use a crypto
>>> strategy whose statistical properties mimic the n
Ben Laurie writes:
> If you want a lot of people to see it, you can't keep it secret. If you
> can't keep it secret, you may as well just come out with it and publish
> the bits without stego.
>
> What did I miss?
It depends on how hostile the regime is. If you want to publish
something bu
Dan Geer <[EMAIL PROTECTED]> writes:
>> My knowledge of media reproduction technology in the large is
>> near zero, but if a color copier can identify itself what is to
>> keep it from identifying the time of day or serial numbering
>> the individual copy or silently including a photo of the
>> o
> For example, it's possible that this email was written by a political
> prisoner in a 3rd world country and he's used steganography to conceal a
> message to his friends and family right here in these 3 paragraphs. My
> question is, without prior agreement or access to an outside channel, how
>
>Rick Smith wrote:
>> It sounds like there are a number of interesting design questions. For
>> example, the sender and recipient must obviously share a secret key.
At 10:18 PM 01/26/2000 +, Ben Laurie wrote:
>Why is that obvious? What's wrong with encoding with the recipient's
>public key?
Rick Smith wrote:
>
> >Rick Smith wrote:
> >> It sounds like there are a number of interesting design questions. For
> >> example, the sender and recipient must obviously share a secret key.
>
> At 10:18 PM 01/26/2000 +, Ben Laurie wrote:
> >Why is that obvious? What's wrong with encoding wi
Rick Smith wrote:
> It sounds like there are a number of interesting design questions. For
> example, the sender and recipient must obviously share a secret key.
Why is that obvious? What's wrong with encoding with the recipient's
public key?
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http:
Eric wrote:
>No matter how well concealed (stego)or how well encrypted (crypto),
>does he have any way of notifying his friends that they should
>look here without alerting the enemy of his attempts to communicate?
It's the same challenge as secret key vs. public key. If you have no
prior arrang
At 04:23 PM 01/25/2000 -0600, I asked:
>>With this model there is no problem in making everyone aware of where to
>>look for cover traffic with stego data in it.
>
>Has anyone actually built a steganographic system that has achieved this?
Okay, I've seen a half dozen messages saying "it's no pr
Forgive me if I'm missing the point here but I don't think the original
question was how to make steganography better and hide the message more
effectively (although that's certainly a valuable goal).
Sometimes it's important to hide the fact that a secret message exists. A
good guy in enemy ter
If the picture was taken by an actual camera, the least significant
bits will be random due to the nature of the way CCDs work in the real
world. They might be biased, but it's not very hard to bias a
"random" data stream. You could have the sender look at the bias in
the od
On Tue, 25 Jan 2000, Rick Smith wrote:
<. . . .>
>
> For example, many stego implementations involve embedding data in the low
> order bits of a graphical image. Those low order bits undoubtedly have some
> measurably non-random statistical properties. Once we replace those bits
> with data, th
Rick Smith <[EMAIL PROTECTED]> writes:
>> The basic notion of stego is that one replaces 'noise' in a document with
>> the stego'ed information. Thus, a 'good' stego system must use a crypto
>> strategy whose statistical properties mimic the noise properties of the
>> carrying document. Our favor
David Honig writes:
> At 03:20 PM 1/25/00 -0500, Russell Nelson wrote:
> >
> >I'm trying to do forward stego -- that is, publish some encrypted
> >steganographic document, with the idea that, once everyone has a copy,
> >*then* you reveal the key.
>
> Fascinating, captain. Canna imagine w
At 04:23 PM 01/25/2000 -0600, Rick Smith <[EMAIL PROTECTED]>
wrote:
>The basic notion of stego is that one replaces 'noise' in a document with
>the stego'ed information. Thus, a 'good' stego system must use a crypto
>strategy whose statistical properties mimic the noise properties of the
>carrying
> The basic notion of stego is that one replaces 'noise' in a document with
> the stego'ed information. Thus, a 'good' stego system must use a crypto
> strategy whose statistical properties mimic the noise properties of the
> carrying document. Our favorite off the shelf crypto algorithms do *not*
>I wonder if stego users will have to choose between uncrackable
>encryption or undetectable data.
I don't think so. Replacing the low-order bits of a picture with
random noise (or an encrypted message) is silly - like you say, anyone
can find it easily. But there is a certain amount of free entr
At 07:20 PM 01/25/2000 -, lcs Mixmaster Remailer wrote:
>Steganography is successful if the attacker can't distinguish
>message-holding data from ordinary data without the key. Ideally, he
>can't guess whether a message is present any better upon inspecting the
>cover data than he could with
At 03:20 PM 1/25/00 -0500, Russell Nelson wrote:
>
>I'm trying to do forward stego -- that is, publish some encrypted
>steganographic document, with the idea that, once everyone has a copy,
>*then* you reveal the key.
Fascinating, captain. Canna imagine why.
> Problem is, how do you convince t
lcs Mixmaster Remailer writes:
> > The problem with Steganography is that there's basically no way to
> > clue people in to it's location without clueing everyone into it.
>
> Encryption is successful if the attacker can't find information about the
> pla
em' is not with steganography, but with trying to apply it
outside of a security model that permits it.
On 25 Jan 2000, lcs Mixmaster Remailer wrote:
> > The problem with Steganography is that there's basically no way to
> > clue people in to it's location without clueing everyo
> The problem with Steganography is that there's basically no way to
> clue people in to it's location without clueing everyone into it.
That's not a problem. By definition, successful steganography
is undetectable even when you know where to look. Otherwise the
stea
The problem with Steganography is that there's basically no way to
clue people in to it's location without clueing everyone into it. For
any kind of public-key type stego to work, stego has to be 1)
standardized, 2) people have to be looking for that form of stego in
all the standard
30 matches
Mail list logo