Hiding Secrets With Steganography On FreeBSD
BSD Forums writes "Bad guys in the movies all keep their wall safes hidden behind paintings. Is there a metaphor in there for your sensitive files? OnLamp's Dru Lavigne explores steganography, or hiding secret messages in images or sounds, with the outguess and steghide utilities on FreeBSD."
GOATSE LINK MOD PARENT DOWN (Score:0, Informative)
Re:Example: (Score:3, Informative)
Re:Is this limited to FreeBSD only? (Score:3, Informative)
Not so good.. (Score:5, Informative)
Re:Steg is fairly useful, but it is crackable (Score:0, Informative)
then you have to crack them
Re:Is this limited to FreeBSD only? (Score:5, Informative)
Re:Is this limited to FreeBSD only? (Score:4, Informative)
Re:I wonder . . . (Score:5, Informative)
Of course.
These utilities usually use bits that will not make a change apparent to a human observing the data with our normal senses (i.e. the last bit in each color field) so obviously doing anything to change the bit pattern will destroy the message.
Re:Is this limited to FreeBSD only? (Score:5, Informative)
Re:Is this limited to FreeBSD only? (Score:2, Informative)
More stuff on Peter Wayner's website (Score:1, Informative)
pfah. (Score:3, Informative)
Here's a link to a whole steg. file system: (Score:5, Informative)
http://www.mcdonald.org.uk/StegFS/
Better compression = more difficult to hide... (Score:5, Informative)
Steganography detection is doing rather well - it simply realizes when the compression is "wrong", that is, if it would have been compressed better if there wasn't hidden info in the image.
By the way, for legal purposes it might be just as efficient to use something like Bestcrypt's hidden container - it's a very smart, yet "dumb" form of steganography. You create an encrypted container, which has a key. Then you create a hidden container inside the encrypted container, with a different key. There's no way to detect the presence of a hidden container - it looks like random data in a container full of random data.
If required by law to provide a key, provide the key to the outer container. When asked about a hidden container, go "What hidden container?" Even if it is very likely that there is one, there's no proof of that. Even the wackiest RIP bill doesn't require you to provide decryption keys to things that don't provably exist.
Kjella
Re:Good stuff, but... (Score:5, Informative)
b) you don't have to output to ascii armor. (although I'm certain that the resulting files still have a recognizable, openpgp compliant structure.)
Re:Is this limited to FreeBSD only? (Score:3, Informative)
He also offers a public domain steganography app in portable C [fourmilab.ch].
Those looking for really random numbers, of course, will know about his HotBits [fourmilab.ch].
Re:How? (Score:2, Informative)
You ask:
"What distinguishes the [pseudo]randomly-distributed [pseudo]random-bits of the encrypted message from the background noise of the image?"
The thing that distinguishes them is the fact that the background noise in a file rarely resembles random noise. This depends greatly on the file format, but is arguably true in all cases. In your example, a simple entropy check should be sufficient to determine that all is not as it should be. Even with a small message, even the most basic steg detection tool will find this when comparing against statistics gathered when analyzing similar files. The trick with effective steg isn't with emulating randomness, it's making the message look as close as possible to the data that SHOULD be in the file. That's much much harder than simply emulating randomness. For a much better (more detailed) discussion of this topic, check the home page for Outguess and the links from that site.
Done properly... (Score:3, Informative)
While this is true, in fact it is the definition of good steganography, I'm not aware of any steg that actually achieves this. For a while, there were no public methods that break Outguess, but that was broken over a year ago, and I don't think there are any stego schemes still standing. The problem is that the last bit of your WAV file or GIF isn't very random in a real picture, not nearly as random as you might guess. This makes it quite difficult to make a scheme which hides there effectively.
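The point made in the two comments above (the last bit of real image data is not random, so random-looking embedded bits stand out when compared against statistics from similar clean files) can be shown with a small detector. This is an added example, not code from the thread, the OnLamp article, outguess or steghide; the cover image is a constructed gradient with mild noise standing in for a photo, and every function name and the tolerance value are assumptions chosen for illustration.

```python
import random

W = H = 256  # size of the constructed test image

def make_cover(seed):
    """Constructed stand-in for a photo: smooth gradient, 10% of pixels off by one."""
    rng = random.Random(seed)
    img = []
    for y in range(H):
        row = []
        for x in range(W):
            v = 60 + x // 4 + y // 4
            if rng.random() < 0.10:          # mild sensor noise
                v += rng.choice((-1, 1))
            row.append(v)
        img.append(row)
    return img

def embed_random_lsbs(img, fraction, seed):
    """Overwrite the last bit in the first `fraction` of rows with random bits,
    which is what an encrypted payload looks like to a detector."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for y in range(int(H * fraction)):
        out[y] = [(v & ~1) | rng.getrandbits(1) for v in out[y]]
    return out

def lsb_agreement(img):
    """Fraction of horizontally adjacent pixels whose last bits match.
    Independent random bits give about 0.5; smooth image content gives more."""
    same = sum(((a ^ b) & 1) == 0 for row in img for a, b in zip(row, row[1:]))
    return same / (H * (W - 1))

def baseline(covers):
    """Mean statistic over files known to be clean ("similar files")."""
    stats = [lsb_agreement(c) for c in covers]
    return sum(stats) / len(stats)

def is_suspicious(img, base, tolerance=0.02):
    """Flag a file whose LSB statistic is far from the clean baseline."""
    return abs(lsb_agreement(img) - base) > tolerance

if __name__ == "__main__":
    base = baseline([make_cover(s) for s in range(1, 6)])
    clean = make_cover(99)
    for label, img in [("clean", clean),
                       ("25% embedded", embed_random_lsbs(clean, 0.25, 7)),
                       ("100% embedded", embed_random_lsbs(clean, 1.0, 7))]:
        print(f"{label:14s} agreement={lsb_agreement(img):.3f} "
              f"flagged={is_suspicious(img, base)}")
```

Real photographs have noisier low bits than this constructed cover, so practical steganalysis relies on stronger statistics than this one; the comparison against a clean baseline is the same idea.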
Re:Good stuff, but... (Score:3, Informative)
Re:Is this limited to FreeBSD only? (Score:3, Informative)
You make an excellent point. However, if the Department of Homeland Security suspected that you were hiding data within your own obscure files, they could search the files themselves for "extra" data. They can prove such a message exists, even if they can't discover what the message is.
Heck, within the steghide program itself you can see if a file contains embedded data (from the article):
So if they suspect that your cute puppies are really plans for world domination, they could find out.
Re:Yes, except (Score:3, Informative)
*sigh*
dave
Re:Commercial for BSD! (Score:3, Informative)
Now if we were going just by technical merits (or even moral merits) something like Apple should have died its righteous death a long time ago. But, I guess people need to worship on the altar of 'alternative', even if they are getting robbed blind for it. IMO, Apple is the worst monopolist ever (well, aside from someone truly atrocious like DeBeers).