RE: steganography

From: Harvey Newstrom (
Date: Thu Sep 20 2001 - 07:54:39 MDT

Spike Jones wrote,
> Take a 256 color JPEG, unmodified
> in any way. Take your message, convert it to ASCII. Search for the
> first character in the photo, record the position of that byte, proceed
> to the second, etc. Granted you need a really colorful photo to make
> this work, such as a Mardi Gras celebration. When you are finished,
> PGP encode the character string that tells the decoding program where
> to find each pixel, which it converts back into the message. Once again
> you have a photo in which one cannot prove an encoded message
> exists.
> Does this algorithm have a name? spike

Yes. This is a simple replacement cipher using the photo as the code key.
Such codes are much easier to crack than encryption. This is not a form of
strong encryption or encryption at all. Such key codes were dropped decades
ago because of their ease of being cracked.

You also have a distribution problem where you have to send the decoding key
(photo) to the recipient before they can decode the message. The decoding
key might be intercepted as easily as the coded message might.

This is a symmetrical cipher, such that decoding is not mathematically
harder than coding. You must keep your methodology "obscure" because people
can read your code if they know how.

This also is a form of "security by obscurity" because you must keep your
methodology secret. If anybody guesses or finds out how you did this, they
can read the code. True encryption makes it hard to decode a message even
if you know the method, hence nothing needs to be kept obscure.

Harvey Newstrom <> <>

This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:53 MDT