Viewing a single comment thread. View all comments

czl t1_jb9kzow wrote

You get images or video that you suspect may contain a message but not access to originals and you want a way to judge whether there is a message present and inside which images.

It is foolish to leave unaltered originals available if you are using stenography thus the comparison test you refer to can not be done in practice.

If you compress you message well the result is near noise and it is that noise that you then mix among the “natural noise” your media contains. Done right this is hard to decode or even detect unless you know the algorithm.

When claims are made about “encoding efficiency” that depends on (1) what you are hiding (2) inside what with (3) what chance of detection.

32

zortlord t1_jb9vqmd wrote

>It is foolish to leave unaltered originals available if you are using stenography thus the comparison test you refer to can not be done in practice.

This is just steganography using media files.

14

greenappletree t1_jb9rxv4 wrote

Wouldn’t it be even safer to encrypt the orinal anyway and then obfuscate it with stengraphy?

8

D_D t1_jb9x3dz wrote

But if you encrypt information everyone knows there's information to be uncovered. Not every image you come across on the internet has hidden messages.

8

TheSoup05 t1_jbc41ks wrote

That’s usually what you’d do. Typically steganography isn’t your only form of security. You’d encrypt it first, then encode it. And even if you can detect that there is a hidden message encoded in some file, that doesn’t mean you actually know how to extract it even if it’s not encrypted.

The steganography is really just there to try and avoid having people know you have something worth encrypting so that they aren’t trying to figure out what it is in the first place.

7

czl t1_jbbk1ar wrote

Originals are proof stenography was used. You destroy those since they are not needed for anything after you send the altered media.

6

green_meklar t1_jbcyt96 wrote

You don't need to keep the original at all. Just delete it. The version with the hidden message should be the only version anyone but you ever sees.

2

volci t1_jbbrlww wrote

> Done right this is hard to decode or even detect unless you know the algorithm.

And then you gett he problem of security by obscurity .. "as long as no one knows how we did it, it's secure!"

2

shponglespore t1_jbcffcx wrote

Obscurity should never be your only security measure, but it can still play an important role in your overall security strategy. You can and should encrypt anything you're hiding with steganography.

Also, steganography isn't really security through obscurity. That phrase generally refers to things like trying to keep a weak encryption algorithm secret because anyone who knows the algorithm has a huge head start on cracking it. Good crypto algorithms are designed to be secure even when an attacker knows exactly which algorithm was used.

4

czl t1_jbc3ne5 wrote

Is stenography used for security? No. It is used for plausible deniability. For security there is encryption. You understand the difference do you not? When you need both you use both of course.

3

volci t1_jbc9gjt wrote

Steganography is used for security

Maybe it shouldn't be ...but it is

1

czl t1_jbcli5n wrote

> Steganography is used for security

Steganography is confused for security.

Steganography can help security but it is not security. It increases the work needed for discovery and only that.

Analogous to the difference between cover and concealment: "Cover is protection from the fire of hostile weapons. Concealment is protection from observation."

Steganography is like "concealment" but not like "cover". To have "cover" you need encryption. You can have one or the other or both.

2

volci t1_jbcnorh wrote

Wikipedia disagrees with you ...https://en.wikipedia.org/wiki/Steganography?wprov=sfti1

Steganography is a form of security

Via obscurity :)

1

czl t1_jbcs10i wrote

My words above are:

>> Steganography can help security but it is not security.

To that you reply

> Wikipedia disagrees with you… Steganography is a form of security … Via obscurity

Obscurity can help security but it is not security is it? You know better than that to believe that so why do you reply to me with ‘Wikipedia disagrees with you’?

Here is what the wikipedia link you shared says:

>> Whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent and its contents.

Concealment can help you avoid detection but concealment does not offer protection does it? If someone has a gun a pile of leaves may conceal you but will it protect you? What do you suppose happens to those who confuse concealment for cover (which does offer protection)?

Do you genuinely not understand the difference between stenography vs cryptography and the different purposes (as Wikipedia explains) they have? Are you being disagreable on purpose to act like a troll? Why then are you being disagreable? What is your purpose?

1

green_meklar t1_jbcyzzs wrote

With proper cryptography, even if they do know your algorithm, they still can't read your message without the decryption key. Ideally, with good steganography, knowing your algorithm can't even tell them the message is present without the decryption key.

3

volci t1_jbae8x8 wrote

You have to have the unaltered originals somewhere, or you won't know what you hid where

−7

czl t1_jbbjlgv wrote

> You have to have the unaltered originals somewhere, or you won't know what you hid where

You do not need originals.

Data can be encoded to look like noise yet still be decoded if you know the algorithm despite not having unaltered originals.

This is commonly done when secret messages are EM transmitted for example with turbo codes: https://en.m.wikipedia.org/wiki/Turbo_code

With stenography instead of encoding messages in the EM spectrum you encode in the media (sound, images, video, ...) you are using.

If you have data treated to look random (compressed / encrypted) you can for example encode it using the "least significant bits" of your media which are mostly sensor noise anyways.

A more sophisticated approach can spread this out across pseudo random offset pixels. Your algorithm knowing the pseudo random sequence can decode your data analogous to https://en.m.wikipedia.org/wiki/Spread_spectrum techniques for secret messages transmission and applications like: https://en.m.wikipedia.org/wiki/Low-probability-of-intercept_radar

6

green_meklar t1_jbcz5sf wrote

No, the idea is that you leave data in the file itself that tells the recipient how to find what's hidden in it. The recipient doesn't need to see the original, all they need is the right decryption algorithm and key.

0