lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4D2F5184.9090903@yahoo.de>
Date: Thu, 13 Jan 2011 20:24:52 +0100
From: stormrider <strmrdr42@...oo.de>
To: Tomás Touceda <chiiph@...too.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: ESFS - The encrypted steganography filesystem

Hey Tomás,

Am 13.01.2011 19:21, schrieb Tomás Touceda:
 > Hi stormrider,
 >
 >
 > What I meant with hide is that, since it uses the LSBs, you can pick
 > any image, and "find data" in them, so it makes it a little bit harder
 > to know where you actually have data, and if you really do.
 >

in the document I mentioned (Attacks on Steganographic Systems by 
Andreas Pfitzmann - which you can find here: 
http://www.ece.cmu.edu/~adrian/487-s06/westfeld-pfitzmann-ihw99.pdf)
there is a very good example especially about using the LSB when trying 
to hide data.
What it says about the LSB thing is, that it's a "myth that least 
significant bits are completely random and therefore might be
replaced". Take a look at the windmill image in chapter 3.3 ;-)
I advice you to take a look at that document anyway, which was *the* 
deathblow for steganography in late 90s. It also covers many other stego 
techniques, not only the LSB thing. It is a good starting point if you 
want to get deeper into that topic.
But please, don't be discouraged by my humble opinion. Your project is 
nonetheless interesting and a good thing to learn. And there may be 
other findings about steganography around that I missed.

happy coding,
stormrider

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ