RE: Steganography

From: Eugene Leitl (
Date: Thu Sep 27 2001 - 00:28:26 MDT

On Wed, 26 Sep 2001, Harvey Newstrom wrote:

> I am not going to take the time required to break the encryption of
> seshat1.jpg, seshat3.jpg, and seshat4.jpg to determine which is PGP
> encrypted, which is otherwise encrypted, and which is random data. I

Um, you're joking, right? There is no other way to tell than the break the
cryptosystem, which in this case means brute-forcing it.

> am trying to show that steganographic messages are not undetectable.

Well, we've hardly started yet. Mikael's experiment was just a repetition
of my first stage: you were given a comparatively small image with an
image without a payload. Showing which one contains steganography and
which is not is very easy, I'm "breaking" it with ls -l:

-rw-rw-r-- 1 eleitl eleitl 2203169 Sep 27 08:15 out1.jpg
-rw-rw-r-- 1 eleitl eleitl 2203027 Sep 27 08:15 out2.jpg

The first image is slightly larger, because it doesn't compress as well,
since it contains high-entropy bits from /dev/random

You did not extract the encrypted message. You've just shown you can tell
there's a message in there, if given an unloaded vehicle and loaded

> Cracking the encryption would take much more time and would not add to
> my basic point. (I don't think anyone disputes that encryption can be

The basic point is that you can tell which image contains stego and which
is not. We've hardly started yet. Next round will be large images of
different sizes, levels of noise.

> cracked given enough time and cpu power.)

Harvey, this claim is true. Given enough energy and reaction mass you
could deorbit the Moon in a year. Givena time window of 5-10 years
bruteforcing a current cryptosystem is impractical, since there's not
enough crunch on planet present.

This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:58 MDT