lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTikFQmSsfJUO7HZy=L9Ei91_kO_wpN4XTbYAirgK@mail.gmail.com> Date: Thu, 13 Jan 2011 15:21:46 -0300 From: Tomás Touceda <chiiph@...too.org> To: stormrider <strmrdr42@...oo.de> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: ESFS - The encrypted steganography filesystem Hi stormrider, 2011/1/13 stormrider <strmrdr42@...oo.de>: > Hey Tomás, > > this sounds like a nice idea. Especially the fact that you kinda > "overmount" one filesystem over another to access hidden data. > But - as far as I know there is actually no steganography technique that > can really *hide* the data. So you will not be able to prevent someone > from finding out that there is some information inside the images. You > might want to read What I meant with hide is that, since it uses the LSBs, you can pick any image, and "find data" in them, so it makes it a little bit harder to know where you actually have data, and if you really do. > > Attacks on Steganographic Systems. Andreas Pfitzmann: > Information Hiding. Third International Workshop, IH'99, Dresden, Germany > > This should clarify things ;-) Thanks, I'll read it... I haven't read a lot about steganography I must admit, I have to get up to date with this. Thanks a lot for the input! Cheers, > > My information might be out of date, but after that publication it > became very silent around steganography and I haven't heard any news > since then... > > regards, > stormrider > > Am 12.01.2011 20:08, schrieb Tomás Touceda: >> Hello everyone, >> >> I wanted to announce this little pet project that was born a couple of >> weeks ago, and now it sees the light in the form of a proof of >> concept, in hopes that it'll become a fully featured filesystem. >> Here's an extract of the main README text: >> >> ============================================================================ >> >> What's this? >> >> Just like the title says, it's a filesystem. Particularly, it's a FUSE >> filesystem that's implemented entirely in Python (for now), and it's a >> proof of concept in alpha state, so don't save stuff only within this >> filesystem just yet. A couple of weeks ago, I started reading about >> and playing with encrypted filesystems (LUKS + dmcrypt, encfs, etc). I >> came across an email (actually, a friend of mine tossed me the link) >> from the now well-known Assange, about a Linux kernel module he and >> other people were working on that provided different layers of >> encryption in a filesystem, so you can say "oh, yes, I have encrypted >> data in here", but in a deeper layer you'd have more encrypted data, >> with another key, and nobody but you would know about it. And I >> thought it was a really cool idea. I started looking for the code, but >> it was too old to be used with the current kernel. A couple of days >> before that, I read about StegFS, a filesystem that uses steganography >> to hide your files within your other files. And again, I thought it >> was a really cool idea, BUT I didn't like the fact that (and please >> correct me if I'm wrong) when you copied a file in StegFS, there's a >> chance you'll lose some other file. So, this one is usable, but this >> drawback didn't suit me. I started bouncing ideas with a lot of >> friends, and then it hit me: a filesystem, hides its data in images >> and encrypts this data. I wanted to build a FUSE filesystem since I >> first learned about it, so I finally had an idea to work with. This >> idea gives you the same advantages of Assange's kernel module: you >> have a bunch of images that seem like regular files, but when you >> mount the filesystem with certain parameters BAM! you have lots of >> files that nobody knew were there. >> >> ============================================================================ >> >> You can find the rest of this README, a more detail design document, >> and the actual code in: https://github.com/chiiph/esfs >> >> If you find any bugs, please let me know. >> Any comments and critics are more than welcome. >> >> Regards, > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Tomás Touceda Gentoo Developer Herds: Qt, Scheme, Lisp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists