Forgot your password?
typodupeerror
Encryption Books Media Security Book Reviews

Disappearing Cryptography 46

Posted by timothy
from the hiding-in-plain-sight dept.
Another chromatic review, this time of Disappearing Cryptography. It is a fortunate circumstance that even as governments -- and others -- are becoming more interested in peering over your shoulder, or at least at your data traffic, the exchange of large files suitable for hiding messages has become commonplace. Peter Wayner is also the author of Free For All , reviewed here on Slashdot a few months back.

Disappearing Cryptography
author Peter Wayner
pages 293
publisher AP Professional
rating 7.5
reviewer chromatic
ISBN 0-12-73867108
summary A study of steganography, making secret informationinvisible to prying eyes. A suitable, though dated, introduction.

The Scoop

Cryptography, argues the author, has the potential to balance power relationships between individuals and governments. Forcing people to conduct all communications in publicly-readable forms allows the honest to be oppressed by tyrants, criminals, and pranksters. Why should the innocent suffer to help authories track stupid criminals?

Wayner mainly concentrates on steganography, hiding secret communications in plain sight. Instead of using ciphers and algorithms to generate a message mathematically indistinguishable from pure random noise, one might instead replace the lowest significant bits of a JPG image with the message. Only those who analyze the image may potentially reconstruct the text.

What's to Like?

Each chapter has three sections, arranged by increasing complexity. The first contains a short anecdote to illustrate the point of the chapter. (Some make immediate sense, while others seem only tangentially related.) The second section discusses the theory. The final section gets into the guts, mathematics and algorithms, analysis and common problems. This division allows readers to go only as deeply as they prefer.

Early sections on information theory lay the framework for later chapters. While discussions of error correction and density don't have the cloak and dagger thrill of spy stuff, they're fundamental to serious analysis of techniques. Serious students would do well to use Wayner's extensive and excellent bibliography of books and papers to improve their knowledge.

The middle of the book is excellent. A lengthy discussion of text mimicry starts with analysis techniques, producing in a program hiding a secret message in an innocent-seeming baseball play-by-play. (It includes a dissertation on effective and reversible context-free grammars.) The next chapter, on Turing machines and reversable computing, is particularly interesting (especially after reading The Diamond Age).

More than just data hiding, the final section of the text covers privacy. Anonymous remailers can provide double-blind communication (but see the caveat below). The Dining Cryptographers algorithm of chapter 11 may be used to send a secret message without divulging the sender's identity. The final chapter adds a philosophical spin, explaining the author's biases and his reasoning for promoting secrecy. (He's Cypherpunk friendly.)

What's to Consider?

This is not a book for beginners. Some of the initial theory throws around summations and other pre-calculus constructs as an integral (pardon the pun) explanation of entropy. One of the two large examples is written in Pascal. A second year computer science student should have no trouble understanding the text. A layman might not get past the second chapter (though he could safely skip most of the math.)

This book is also dated -- in fact, Hemos recommended it for review partly to prompt the author and publisher to produce a new version. The anonymous remailer chapter is seriously out of date, and it would be nice to have new information about distributed.net, secure peer-to-peer communications, and web stuff. In addition, some of the softwares described have been superceded by new versions and successors.

The Summary

Aging but written with the future in the mind, Disappearing Cryptography favors theory and principles, for the most part. It makes a good introduction to steganography and the study of patterns in digital communications, leading naturally to more detailed works. It may also serve as a starting point to new ideas and discussions. Perhaps 2001 will bring us a new version.

Table of Contents

  1. Framing Information
  2. Encryption
  3. Error Correction
  4. Secret Sharing
  5. Compression
  6. Basic Mimicry
  7. Grammars and Mimicry
  8. Turing and Reverse
  9. Life in the Noise
  10. Anonymous Remailers
  11. Secret Broadcasts
  12. Coda
  1. Mimic Code
  2. Baseball CFG
  3. Reversable Grammar Generator


You can purchase this book at Fatbrain.

This discussion has been archived. No new comments can be posted.

Disappearing Cryptography

Comments Filter:
  • I'm not sure exactly what your point is. Of course polititians are people. Does that mean they should not be held responsible for their policy decisions?

    Or are you saying that they should be let off the hook because they are just doing what anyone else would do in their shoes? If that's true, (which I suspect it may well be) then the problem is not with the people but with the system in which they operate. Either way we have to remain vigilant.

    Come on everybody, there's no day like today for a revolution!
  • I have a couple of questions as a non-terrorist, non-suspicious person (or am I ;). At what point does the very volume of information -- whether plaintext, encrypted, hidden, or encoded -- make it impossible to detect an important but "non-targeted" message amid all of the noise?

    By non-targeted, I mean a message that might or might not contain sensitive material. For example, assuming even modest abilities at the NSA, a email containing the string "I'm going to blow up the local mall" is probably a targeted message, but even something as simple as adding a character between the original characters would seem to make a message "non-targeted" (i.e. "I.'.m. .g.o.i.n.g. .t.o. .b.l.o.w. .u.p. .t.h.e. .l.o.c.a.l. .m.a.l.l..."). Obviously, this wouldn't fool a minimal attempt to decrypt it -- as minimal as actually having a real person try and read it -- but wouldn't this slip right past most automated detectors?

    How much processing/investigation time does it take to ensure that this message with the above comment isn't actually a terrorist threat?

    Assuming the NSA can automatically scan all internet traffic for suspicious words (in every language?) this message gets flagged as a possible target and is stored locally until...

    A second program or intellegence anaylyst scans this message to determine whether "blow up" is in the context of a terrorist target or if it refers to "Plastic Patty: the Blow Up Doll That's Fun to be With!".

    Obviously, if I'm a research scientist or investment analyst, I'm more likly to be targeted by default and would need a higher level of security.

    In other words, I wouldn't rely too heavily on technology, but in my opinion it _may_ be possible to rely on the realities of economoics and time.

  • Long live cryptography!

    Most of the issues mentioned involving hidden messages in various formats such as jpg's and audio files are not new news however I feel any information published is good to know from an educational perspective as well as a model for those paranoid types who are concerned with big brother based programs such as Echelon and Carnivore.

    Applied Cryptography offered some nice information as did Information Security Management Handbook but for relevance as to the extent of big brother watching, some should go to the NSA's [nsa.gov] website and read up on their archives including Venona, and the Enigma machines to get a grasp of how deep government goes in to get their information and how you can address minimal measures on your own to avoid having your information snooped.

    Last September I also wrote a quickie document on Circumventing Carnivore [antioffline.com] that mentions some of these methods to pass information off without it getting caught up on a steriod induced governmental sniffer. Sure it may not be Harvard type material but it should create interest to anyone not too familiar with encryption, ciphertext, algorithms, a simple how to.

    As for the title disappearing crypto I hardly doubt it is disappearing in fact with all the hype surrounding PKI's, and the media's ever mentioning of `[H]ackers* I can see many more books, FAQ's, and companies rushing to release more information on crypto from all levels be it beginners to mathematicians based levels.

    /me bounces to fatbrain to place an order with info obtained from creditcard.com crackers (of course I'm kidding)

    Sexy Unix Chick [speedygrl.com]
  • As for technology as a double-edged sword ... but the implication of using the word "sword" is a violent one. ... science in general (esp. math!) as a natural resource.
    A quick aside; science, sword, scissors, even shit, all come from the same root, meaning 'to cut, to separate.' Western science is violent separating, dissecting, tearing apart of something to discover it's workings.
  • The review makes a somewhat misleading assertion, that steganography obviates the need for cryptography. Encrypting your message first somehow (e.g. making it look like line noise) is actually a good step to take, as it will enhance the protection afforded by steganography - the altered image just looks randomly "noisy." This is especially helpful when using images encoded with lossy compression schemes such as JPEG - since different compression factors can lead to visibly similar images, but with different noise patterns. After all, if the Bad Guys somehow come up with the original image, and compare it to your altered image, you don't want your plaintext just popping out at them instantly, do you? It's like the difference between running 'crack' and 'diff' ... or giving away your one-time pad.

    #include "disclaim.h"
    "All the best people in life seem to like LINUX." - Steve Wozniak
  • "This presented a problem: if Coventry was defended or evacuated, the enemy would realise that their cryptosystems had been compromised, which would cost the English a key strategic advantage. So the city was sacrificed."

    ..and if you've ever been to Coventry, you'd know why.... ;-)

  • by peterwayner (266189) <p3@wayner. o r g> on Sunday January 02, 2000 @09:19AM (#1416689) Homepage
    The book is pretty dated already, but I think that the core information is still relevant. The workshops on Information Hiding include plenty of great papers. The watermarking folks have done some interesting research, but well, we may never know much about that because the SDMI is so intent on secrecy and security through obscurity. Welcome to the new Dark Ages. I'm planning on updating the book and perhaps producing another volume in the near future.

    The easiest part to update at this point is the code. The book contains printed Pascal, something that was almost considered a munition before the latest glasnost in the crypto wars.

    There is now C code thanks to Jason Penney. He converted the original Pascal code in a pretty direct fashion. I converted the Pascal into Java. You can any of the three versions by sending me email to pcw@flyzone.com. I'm thinking of getting a website going once I figure out the current state of the export regulations. There's some problems with leaving an open site for North Korea, I think.

    The program itself is modular so you can write your own grammars for encoding messages without learning C, Pascal, or Java. That means you don't need to use my lame baseball example. One of the neater developments is a website for converting messages into spam, a medium that is quite lame by default:

    http://www.spammimic.com/index.shtml

    Finally, if you have suggestions for new information hiding techniques or steganographic algorithms to include in a future version, I hope you'll write and suggest them to me. Any help you can give, would be appreciated.

    Thanks.



  • No, it's not security through obscurity. Security through obscurity is reliance on the fact that the encryption method is secret to keep the data from being read. It's dismissed because a poor encryption method is vulnerable to mathematical attack no matter how secret it is, and a good encryption method is relatively invulnerable even if the method is known.

    But encryption is not the end-all and be-all of security. While it hides the data you're sending, it doesn't hide the fact that you're sending a message, and is thus absolutely worthless against signals intelligence. For example, if a spy in Beijing is sending encrypted letters adressed to CIA headquarters every day from his home's mailbox, then no matter how well encrypted the message he sends, it's still obvious that he's sending information to the CIA. If he's posting pictures of his kids that have an encrypted message hidden in them to a photos newsgroup, it isn't as obvious.
  • Stenography is often raised as a solution to the covert exchange of data, but I question its validity. There are a group of very bright people employed by governments who have spent 30 years studying ways to detect hidden information, and the government has almost unlimited resources and the root password to the Constitution at its disposal.

    the key to stenography is not neccessarily about keeping the government or whoever from reading the information. What stenography is really about is keeping them from realizing there is any information to be read at all. It becomes more difficult if One regularly posts the JPG's to a newsgroup, some with important data (encrypted then embedded) and some without. First the government has to realize something is going on, then they have to analyze all the JPG's to figure out which ones have data, they must then decrypt it (only to find 4 out of 5 of the messages were about golf games) and even after all that, there is no way to tell who the intended reciepient was.


    Jesus died for sombodies sins, but not mine.

  • The problem is that these =people= don't just have a few extra powers... they have powers that they can exercise with little fear of being held responsible for their actions... It may only be one person who decides to take an action but once taken, that person has an enormous shield that even usually prevents their identy being revealed. It is big brother that the individual bureaucrat hides behind.
  • Interesting (I wish I had some karma to give).

    Also, for a brief article, check out The Register today for a brief overview of Tempest:

    The Register, TEMPEST [theregister.co.uk]

  • Bush and the bulk of the GOP are every bit as dangerous as Clinton and the bulk of the Democrats.

    Mostly true IMHO, but I still believe Bush is a lesser of two evils. Attacks on the constitution have been in progress for quite a while, argueably commencing with FDR. Heck, he added three(?) justices to the supreme court to get his agenda through! Imagine Clinton or Bush making the Supreme court 15 justices. The man had no shame!

    While it was only a single issue, I thought the reponses offered by Bush and Gore to the question of school kids getting at pr0n was interesting.

    Bush was critisized for recommending that libraries and public schools (public istitution receiving federal funds) implement some sort of filtering software. OK, not great. But did you ever see Penthouse offered in a library or school? Also these are limited to individual machines. Simple to implement and to disable.

    Gore offered to force all ISP's to log *all* traffic by IP address. Who gets to see the logs (and who the hell would pay for all the storage?) How long before they would be routinely inspected by law enforcement agencies to protect the public safety and 'the children'? You tell me which is more intrusive and prone to abuse.

    Hopefully Bush will renege on Wassemar and remove controls on crypto.

    BTW, I voted for Harry Brown.

    If you put a collar on for 'protection' today, don't be surprised to find a chain attached tomorrow.

  • Well, it's a bit more complicated than all that. Steganography is a close cousin to encryption and it's often used in conjunction with it. If you encrypt first, then the data looks like white noise. Even if someone knows the steganographic program, they're not going to recover the data.

    But using labels to define what is encryption and what is steganography is not easy because many of the better steganographic algorithms use keys to control how and where the information is hidden.

    Here's a simple example from the book. Imagine that you're going to hide information in "bad disk blocks". You might arrange to take some perfectly good disk blocks and mark them bad so the standard DOS will complete ignore them. A simple solution is to take k blocks of data and store them in the first k free blocks.

    A more sophisticated solution uses a cryptographically secure random number generator to select a randomly ordered subset of k blocks from a set of n. The random number seed used to start off this random number chain acts like a key. Even if an attacker knows that you're using the old "bad block" trick, he won't know which blocks you chose and in which order you stored the data. This gets more interesting the smaller the size of the block happens to be. When it gets around the bit size, then it's essentially strong encryption.

    There are many other keyed solutions. Many of the newer algorithms rely upon them. So do the better watermarks for those who intended to thwart whatever the SDMI folks throw into music. Some of the best solutions work like spread spectrum radio (the original steganographic solution) and allow several people to store their data in the same big pool without disturbing each other. It's pretty cool.

    When does keyed steganography become cryptography? Well, that's a question for the language police. The mimic functions can scramble the grammars with a random number generator. I can give you an argument that the scrambled mimic functions could be as strong as RSA, but its just math. Unfortunately the best we can do is wait for plenty of people to try to break a system before we can put much faith in it.

  • One of the nice things about OutGuess is the fact that it is keyed. That means you can scramble the steganography with a key. An attacker must recover the key to recover the data, something that seems pretty difficult. (Of course, nothing is ever certain in cryptography.)

  • What you propose is essentially security through obscurity, a practice routinely dismissed by those with basic knowledge of cryptographic algorithms and protocols. Perhaps steganography can be used to make such a system valid, but I doubt it.

    Moreover, this discussion only pertains to private conversation between two individuals. Even if I perform all data exchanges with my bank, doctor and insurance company via encrypted channels, it doesn't mean squat once they decide to share information with each other or anyone else willing to pay for it. I'd much rather do sensitive business with a company that has poor data protection but a strong privacy policy than the other way around.
  • by Anonymous Coward
    I'm as doubtful about blaming the ills of "Big Brother" on a faceless Government as I am of the Government blaming crime and the ills of the world on a faceless population.


    As you pointed out, politicians are people. The problem is not a question of finding more ethical people to run the government. If only one leader needed to act ethically, we might maintain some kind of ideal society until such time as we made a mistake and put in the wrong leader. The problem is that governments have been given powers that people did not rightly possess in the first place to give them. I recommend reading Human Action [mises.org] by Ludwig von Mises:

    Other philosophers were more realistic. They did not try to guess the designs of Nature or God. They looked at human things from the viewpoint of government. They were intent upon establishing rules of political action, a technique, as it were, of government and statesmanship. Speculative minds drew ambitious plans for a thorough reform and reconstruction of society. The more modest were satisfied with a collection and systematization of the data of historical experience. But all were fully convinced that there was in the course of social events no such regularity and invariance of phenomena as had already been found in the operation of human reasoning and in the sequence of natural phenomena. They did not search for the laws of social cooperation because they thought that man could organize society as he pleased. If social conditions did not fulfill the wishes of the reformers, if their utopias proved unrealizable, the fault was seen in the moral failure of man. Social problems were considered ethical problems. What was needed in order to construct the ideal society, they thought, were good princes and virtuous citizens. With righteous men any utopia might be realized.


  • Mostly true IMHO, but I still believe Bush is a lesser of two evils.

    Maybe but only in the most useless of senses.

    Let's imagine that I'm 65 years old and I have 200,000 in the bank. I have a choice between one scumbag who is going to take it all or another who is going to take 199,800. Which do I choose? The lesser of two evils of course. At least I can break the news to my wife over a nice dinner.

    Since Limbaugh has turned liberal into a dirty word I'll claim to be a progressive, but I still think your guy Brown is a Big Mac with fries better than the grease bags the major parties put up for us to choose from.

    Like you I choose to skip them this time.

    --

  • So, would the ethics of todays US Army have cost us the campaign had they been the ethics used by the US Army of WW2?
  • Yep. What the Luftwaffe started the local council are carrying on. They recently demolished a row of tudor shops/houses to make way for a shopping centre ("Mall" for the USAnians reading this).

    And as for the ring-road... Gah ! What an abortion. Truly the worst in western Europe.

    I've been to nicer, prettier places than Coventry, like Sarajevo, Mostar, Srebrenica...

  • >So, would the ethics of todays US Army have cost
    >us the campaign had they been the ethics used by
    >the US Army of WW2?

    You seem to be asking "would disclosure of Enigma's compromise have caused the certain loss of the war?" It's hard to say for sure, even in retrospect. You might as well ask, "would faster dissemination of information to field commanders have given us a tactical edge over Germany, allowing us to finish the war sooner?" Current philosophy and doctrine seem to say "no" to the first question and "probably" to the second.

    Remember that even if Germany had found out about Enigma's compromise they didn't really have anything to replace it with, so they'd have been forced to either abandon it completely for something less reliable/fast/secure or somehow recall the encoding wheels and distribute new ones to all of their stations. In either case their communications would be disrupted or interceptable (or both) until a new and better system was in place. Besides, even if they did manage to change the wheels in all of the Nazi stations, how long would it have taken Turing to break the code again if it were based on the same principles? It's kinda like the situation with the DVD CCA and DeCSS modernly... ;^)

    I'm no historian, though, so take this with a grain of salt...
  • Flamebait, No. It is basically the reverse arguement of what all of these governmental conspiracy nuts have been saying.

  • And keep in mind old != outdated. For example Computer Security Basics by the good folks at O'Reilly is old but still very usefull this is because it teaches concepts that do not change and leaves the specifics to the reader. It sounds like the only bits of this book that are outdated are some web addresses and specific versions of apps. All in all it sounds very cool although I don't think I have the math for it.
  • It's kind of amusing (though I of course understand the motivational differences) to see a lot of the same people that decry banner advertising as a waste of bandwidth looking at this kind of obfuscation as a pet project.

    Given our next President and the impending erosion of freedoms I can understand the motivation though. Once a CIA brat, always a CIA brat... :-)

    --

  • They sacrificed a good deal more than Coventry, and went to extraordinary lengths to keep the Germans from becoming aware of exploited weaknesses in their encryption methods.

    But that's an issue of strategy and ethics, not technology. You're really asking whether it's ever proper to sacrifice something (or someone) now for some supposed benefit in the future.
  • by Anonymous Coward
    Let's not forget that no cryptography protects you from a good old CRT-refresh cycle tracer. The feds use it from up to thirty yards away, depending on your computer monitor. Someone reply with a link, I haven't actually seen this in awhile...they got it covered up good.
    -Yeah, I have 27 karma from my non-coward posts.
  • The relationship between government, the military, and technology has an incredibly rich and colored history. Sometimes, science is challenged and expanded by the needs of the people, as with the space race in the 1960's. However, technology can also be twisted into devastating weaponry, as evidenced by the atom bomb and its progeny.

    I think that judging the agencies who use (and break) encryption is unwise - after all, I want the NSA to break the next Enigma code in the next big war, even if the government has swung too far to the fascist side of things.

    As for technology as a double-edged sword, well, that's undeniably true, but the implication of using the word "sword" is a violent one. I prefer to think of technology, and science in general (esp. math!) as a natural resource. We can build computers with it; we can build 100 megaton bombs with it. In the end, the way we use technology is our testament to the ages.

  • by knewter (62953) <josh.rubyist@gmail. c o m> on Sunday January 02, 2000 @08:14AM (#1416709) Homepage
    I believe that what you're talking about is Van Eck Phreaking (that is, interrupting the stray RF that the cathode ray tube in your monitor transmits, and recreating the image on another cathode.). This is quite old stuff, and is still in use today. The Tempest stuff that was recently released deals greatly with this. Basically, if you don't have a monitor shielded in metal, you're at risk, and that's that. For more information, you can check out this link [shmoo.com] for basic information, and Van Eck's original submission, or you can check out this one [eskimo.com], and lastly, if you want some info on how to build a Van Eck Phreaking rig, then I would suggest the book at this site [tsc-global.com]. Don't forget to type in Van Eck in the search box to find the box. Happy Van Eck'ing.

    --Josh Adams
  • Outguess looks pretty nice, but unless I misunderstood the information on your page, there are no binaries available.

    A quick view of the download page reveals only tarballs, so while I guess this is good thing, it would be a hell of a lot better if you actually had a few binaries (for consumer-level platforms) so that Joe Windoze can decide he wants to encrypt his manifesto/novel/pr0n, he can do so without installing a *nix and learning how to MAKE a binary from source.

    Remember that the 'envelope' anology works only if *most* people use envelopes (encryption/steganography) around their letters rather than sending (unencrypted) postcards.

    Come on, guy. It's not that hard to compile a console-style win32 binary.
  • We need more plugins. How about one for valley girl speak? Has anyone looked at converting the various filters into tools for steganography? It shouldn't be hard? I would like guess you've like got plenty of like choice about where to like put the word "like". That means you can store plenty of like bits.
  • They also let ships get sunk, etc. even when they knew the positions of subs.

    Sometimes they'd do things like first send out a "surveillance" plane and let the Germans see it. Then the Germans would think that the British had just happened to see them and thus the attack was to be expected. Those Germans must have been getting pretty damn frustrated when every single secret covert operation was discovered by some "chance" flyby from a surveillance plane. But they deserved it for being so damn smug about enigma, not to mention the age old end-user weak link (i.e. people in the field using the same damn keys over and over, trusting that the machine would just magically make all their correspondence uncrackable).
  • It's been written about in several books. There was no advance knowledge of Coventry being bombed. Do a web search, find the refutations. This should be common knowledge by now, it's been refuted so often.

    --
  • by Anonymous Coward
    politicians =are= people

    That's what bothers me....

  • Come on, tell me how you can honestly believe that Clinton and Co. are valiant protectors of our freedom

    Of course I don't why would you think I do!

    Ahhh, I see. Because I dissed Bush you assume that I support Clinton. While this might be the societal norm, you might do well to keep a bit more open mind. Bush and the bulk of the GOP are every bit as dangerous as Clinton and the bulk of the Democrats.

    Before this gets modded -1 offtopic you should spin by my web site listed in the sig. If you aren't convinced by my accusations of an arms for hostages Slick Willy style then we can continue this discussion there.

    --

  • You may be glad to hear that this philosophy has changed somewhat. I grew up in Fort Meade, MD and knew several employees of the NSA, including family members of mine. I remember hearing the Coventry story several times, always in the tone of "I'm glad we don't do that anymore".

    Decisions of that type were made when our intelligence operations were young and took themselves much more seriously than they do now (if that's imaginable ;^) I've grown up now, and work for the Army in an Intel unit. Army doctrine regarding intelligence gathered from even the most sensitive sources is that it does no one any good if it isn't transmitted to the people who need it (battle ground commander, mayor of the city about to be bombed, etc.) Saving US and civilian lives is the first priority, so at least today's US Army wouldn't sacrifice Coventry to save the Enigma; in fact, just the opposite.

    Please don't judge modern intel analysts based on the poor decisions of their forebears
  • Besides, usually the people doing us the most harm in our government are not politicians at all. They are either appointed or hired. Did you vote last election on the director of the NSA or CIA? By being appointed these people do not have any reason to answer to the public at large.
  • Nope, sorry to disabuse you of your prejudice but I just hate Coventry, nothing personal, regionalist, north/south/midlands etc., just personal opinion.

    My SO comes from Coventry and even she agrees with me, it's the pits.

    Ian

    P.S.

    I don't frequent uk.misc.... at all.

    Although you obviously have intimate knowledge of those sort of newsgroups.

    P.P.S. If you want to flame me then have the courage to post as something other than "anonymous Coward"

    HAND

  • It has to be real, because I saw it in In the Shadow of Z'ha'dum [midwinter.com]
    ---

  • I hate to be picky, but seeing "stenography" (2 : shorthand especially written from dictation or oral discourse) posted repeatedly as the subject line is making me laugh.

    It's a book about masked data, not how to dictate your boss' correspondence. ;)

    Say it with me... Ste-gan-o-gra-phy
  • Stenography is often raised as a solution to the covert exchange of data

    No, it isn't. Stenography is rapid writing system commonly used by secretaries before tape-recorders became commonplace.

    I suspect you intended to write steganography!

  • by bluelip (123578)
    I see that the it includes some algorithms. Does it include reference implementation in code for these? I usually find these quite helpful.
  • by jd (1658) <imipak@noSPam.yahoo.com> on Sunday January 02, 2000 @07:28AM (#1416723) Homepage Journal
    I'd think very carefully about this aspect of things. In the end, whether we like to admit it or not, politicians =are= people. Sure, they're people with a few extra "powers", but unless you honestly think that someone else would act any differently, I'm as doubtful about blaming the ills of "Big Brother" on a faceless Government as I am of the Government blaming crime and the ills of the world on a faceless population.

    Seems like there's a bit too much buck-passing and not enough responsibilty, on ALL levels.

  • by gehirntot (133829) on Sunday January 02, 2000 @07:29AM (#1416724)
    Steganography is actually a field that has received more attention from research in the last few years. The Information Hiding Workshop [navy.mil] comes to mind.

    Information Hiding Techniques for Steganography and Digital Watermarking by Katzenbeisser and Petitcolas is a book that has just been published last year and contains a lot more detailed technical information. However, Disappearing Cryptography is at least an amusing book to read.

    There is also a bunch of software out there that can be used to embed hidden information into images and sound files. However, most of the programs can be detected. Read the paper by Westfeld and Pfitzmann, "Attacks on Steganographic Systems".

    I myself have written a tool to hide data into JPEGs. It's called OutGuess [outguess.org].

    You can find more software here [tripod.com].

  • by theeds (300421)
    Even the most outdated material can bring back a resurgence of new and updated material for the future. Just look at MUD's. Everyone thought they were outdated but now they're aparently having a resurgence of their own, as is the subspace community. Also, I've noticed among some com sci friends that many are looking back into the older languages.
  • by sql*kitten (1359) on Sunday January 02, 2000 @07:21AM (#1416726)
    Stenography is often raised as a solution to the covert exchange of data, but I question its validity. There are a group of very bright people employed by governments who have spent 30 years studying ways to detect hidden information, and the government has almost unlimited resources and the root password to the Constitution at its disposal.

    Let me give you an example. During WW2, the English developed a technology for decrypting the communications of the German military. One of these messages revealed that the city of Coventry was to be attacked. This presented a problem: if Coventry was defended or evacuated, the enemy would realise that their cryptosystems had been compromised, which would cost the English a key strategic advantage. So the city was sacrificed.

    Now, the spiritual descendants of these early cryptanalysts work for the NSA. If they have the technology to scan for stenographically concealed data (or even to decrypt PGP) don't expect them to announce the fact. The UK goverment have recently decided that they want to be able to read every packet on the UK Internet backbone: why would they bother if it was that easy to conceal information?

    In other words, don't rely too heavily on technology, because it's a two edged sword.

  • Come on, guy. It's not that hard to compile a console-style win32 binary.

    It is somewhat more difficult when you don't have access to a win32 machine. If it is so easy, why don't you provide us with these binaries? I agree with your line of reasoning, but I think a little help rather than whining would help the cause a lot more...

    -bluebomber

For God's sake, stop researching for a while and begin to think!

Working...