Stupid Guest Tricks

Big Wallaby wrote:Okay, I am finding this conversation extremely interesting. In a slack space stego, how much information can you usually put into the file?

I know many photos have stegonography in the form of EXIF data... info from the camera (especially in RAW photos) that don't show up in the image, but if I see the EXIF I can see how you shot the photo (aperature, shutter speed, ISO, white balance, where you had your lens set, date and time, etc.) and a lot of other info. Do different file types have different amounts of information you can add?

So many questions, but I don't even know where to start beyond that. Care to give a class?

Cryptography is great fun. Stego won't help you though. It does nothing to prevent the copying of the photos, it just provides a way of marking something as yours. It really is a novelty, as there are way better RSA based crypto systems such as PGP for proving ownership. Plus the stego is destroyed as soon as someone modifies the image in any manner. Straight encryption with a hidden container is more than enough for plausible deniability. If you are interested in how crypto works, I recommend listening to the applicable episodes of the Security Now podcast.

Big Wallaby wrote:Okay, I am finding this conversation extremely interesting. In a slack space stego, how much information can you usually put into the file?

I know many photos have stegonography in the form of EXIF data... info from the camera (especially in RAW photos) that don't show up in the image, but if I see the EXIF I can see how you shot the photo (aperature, shutter speed, ISO, white balance, where you had your lens set, date and time, etc.) and a lot of other info. Do different file types have different amounts of information you can add?

So many questions, but I don't even know where to start beyond that. Care to give a class?

There are several books out there, and several manufactures web sites. To answer your question about space, the standard is, 'that depends"

Various softwares available use different methods. the EXIF data in a picture really isnt Stego, in the sense that the digital photography program places it there as a function of taking the picture. Anyone with the knowledge of the program (i.e. the READ the info available) can retrieve that data. The Stego idea is that say, and entire different picture can be placed inside the first one. and unless you specifically look for it with the right tools, you will not find it. You see the difference? Some detection software uses a MD5 or SHA-1 hash system to check, but you need the origional file before data insertion to use as a base for a hash check. and even then, all you know is that the before and after hash values do not match.

kurtisnelson wrote:Cryptography is great fun. Stego won't help you though. It does nothing to prevent the copying of the photos, it just provides a way of marking something as yours. It really is a novelty, as there are way better RSA based crypto systems such as PGP for proving ownership. Plus the stego is destroyed as soon as someone modifies the image in any manner. Straight encryption with a hidden container is more than enough for plausible deniability. If you are interested in how crypto works, I recommend listening to the applicable episodes of the Security Now podcast.

Umm, stego isn't really a novelty. It is used daily and has expanded in a very lurrative business for the software companies. AS an example, if you visit a web site and see a companies logo displayed over a photo, and download that photo, the logo is still there. That is just one form of it. No crypto encryption used. A lot of web sites like that as a means of controlling their "property"

There is no doubt in my mind that Facebook was going to start embedding a stego "stamp" on everything uploaded to their site (if they havn't started doing it already)

Also the whole idea behind stego, is that you do not KNOW its there. with an encrypted container, you can see that there is something there.

ANYWAY, it is a interesting subject(s)

GRUMPY PIRATE wrote:Umm, stego isn't really a novelty. It is used daily and has expanded in a very lurrative business for the software companies. AS an example, if you visit a web site and see a companies logo displayed over a photo, and download that photo, the logo is still there. That is just one form of it. No crypto encryption used. A lot of web sites like that as a means of controlling their "property"

Have to disagree there. That is just a watermark, nothing hidden about it. Even if a company did hide info in a picture, it is pointless as it is easily accidentally over written.

kurtisnelson wrote:Have to disagree there. That is just a watermark, nothing hidden about it. Even if a company did hide info in a picture, it is pointless as it is easily accidentally over written.

Umm, thats just the part that is showing. A lot of web sites do not make it visible. as do a lot of other organazations that use it, but you don't see it.

Until you use it for yourself, and then they can pull it up and, using the tools, display, their copyright. That is the whole idea behind it. you don't know its there. A lot of what you term "watermark" is the visible portion. they often imbed a second or even a third one. so that if you "crop out" the visible one, at least two (or more) others are present. This method is also used by software companies who do this a a lot on the software disc's that are sold, and then illegally copied and distributed. a way of tracing back where it was stolen. (also a way to shut it off from upgrades/patches)

You can disagree, but my experience with the industry experts and represenatives that I have worked with, got assistance from, and talked with has shown otherwise.

At any rate, it is an interesting subject. one that a lot of my students have wanted to branched off into.

now back to SGT!!

how about that darn facebook, they took a step back!!

heheheheh