Talk:Steganography/Archive 1

Stegonography Easter Egg?
A Wikipedia easter egg: see Pikes Peak and find the hidden message.


 * Well, whatever it was, from the timestamps it's got to be one of the following article revisions:


 * http://en.wikipedia.org/w/wiki.phtml?title=Pike%27s_Peak&oldid=274493
 * http://en.wikipedia.org/w/wiki.phtml?title=Pike%27s_Peak&oldid=274494
 * http://en.wikipedia.org/w/wiki.phtml?title=Pike%27s_Peak&oldid=184817                                                                                                                                                &mdash; Matt 15:23, 13 Oct 2004 (UTC)


 * It's in Image:Ppeak-s.jpg. That was a few years ago, and I've forgotten exactly how I did it. But I know it was some package I found via Google. I did not encrypt the message. Discovery of the package (and the hidden message) is left as an exercise for the reader. <>< tbc 05:48, 10 Mar 2005 (UTC)


 * Using the stegdetect program written by Niels Provos, available from his site (http://niels.xtdnet.nl/stego/), the image Ppeak-s.jpg tests positive for steganographic content hidden using a version of JPHide. I don't want to spoil anybody with the actual message (I'll note that it's an appropriate set of song lyrics), but it's pretty trivial to Google "JPHide", download a version, and decrypt it using no password. Of course, that didn't stop me from spending overnight with Niels Provos' stegbreak and a 4 million word dictionary, before coming back here and finding out that there was no password. Sigh. Thanks for the fun easter egg! ByeByeBaby 15:14, 18 August 2005 (UTC)
 * Nice one! I'll check it next time I reboot to Windows (I can't get JPHide to compile under Linux), but I think we should announce this somewhere. &mdash; Matt Crypto 15:33, 18 August 2005 (UTC)
 * Climb Every Mountain?
 * Nuttyskin 11:07, 13 August 2006 (UTC)

Steganography name

 * The name comes from Johannes Trithemius's Steganographia: a treatise on black magic disguised as a book on cryptography, and is Greek for "hidden writing."

I was under the impression that this claim - orginally made by the Catholic Church - had been refuted. It really is about cryptography - or more generally, 15th century information security, since it branches into peripheral areas such as training couriers to memorise messages. In particular, the so-called spells in Book III were shown by Jim Reed to be cryptograms. In fact many sites today invert the sense of the quote above, and say that it is ostensibly about magic but really about crypto. However I don't know all the details, so does anyone know if there are any parts of the book that are definitively about black magic? Securiger 11:28, 4 Feb 2004 (UTC)


 * Yes, there were some parts that were apparently about the occult, but it is assumed that only about 3/8 of the original manuscript survived, and then only mostly the parts about encryption. I'm reading a book by Jacques Bergier, called 'Livres maudits' in which Trithemius work is mentioned in an occult setting. Why some parts didn't survive is the subject of considerable speculation. Trithemius work in Steganography is discussed in more detail in David Kahn's book 'The Codebreakers'.Crusty007 20:58, 5 December 2006 (UTC)

Factchecking
Two more problems(?) with factual claims here.

1) Bacon certainly suggested the use of different type faces to carry information. Was there also discussion of hand written stego? Have removed the handwritten part pending clarification.

2) I have heard several claims about the frequency of stego'd images on the Internet. None has been credible on second look. I have changed the claim, to an expression of indeterminacy. Can someone provide something credible on this point?

ww 16:30, 20 Apr 2004 (UTC)

Typo in image filenames
The images are named Stenography- instead of Steganography-. Arvindn 17:11, 20 Apr 2004 (UTC)


 * Arvindn, Sorry. I missed that entirely. Is this in response to 2 above, or something else? ww 17:39, 20 Apr 2004 (UTC)


 * Nothing related to the above. I mean the images in the article -- the tree and the cat. Typo in the filenames. Arvindn 17:43, 20 Apr 2004 (UTC)


 * I created the images and wrote a short one line stenography article to go with them. Then after someone claimed that stenography was to do with handwriting, I found out that it was called ste ga nography. "Ste ga nography" is a good example of ste ga nography, since the "ga" is well hidden in there and hard to see... &#922;&#963;&#965;&#960; Cyp    08:33, 21 Apr 2004 (UTC)

Python script for the sample images
Try it yourself!

I converted png to bmp and tried


 * $ python -c 'import sys; a=sys.stdin.read; sys.stdout.write(a[:54] + "".join(map(lambda(x): chr((ord(x)&3)*85), a[54:])))' < StenographyOriginal.bmp > StenographyRecovered.bmp

It worked :-) (54 is the bmp header length) Arvindn 17:43, 20 Apr 2004 (UTC)


 * I can't get this to work. :-/ Quizically, I constructed my own C-hack to do this for me and got the same result as I got with your script -- a distorted picture of the trees. Somehow, this implies I've understood the process and done the right thing, but something else must be wrong... What size is the original bmp you are working with? Mine is 120,054 bytes. Also, byte order might make a difference, but I though ANDing with 128+64 instead of 1+2 would solve that, but nope.. &#9999; Sverdrup 14:33, 13 Oct 2004 (UTC)


 * It works for me. I obtained the BMP using the "convert" utility from ImageMagick; I also get the length of the original bmp to be 120,054 (md5sum: 7e4ce7288ab0bcf6231c2ce653fbf9b9 StenographyOriginal.bmp). I can't think of why it doesn't work for you, though...&mdash; Matt 14:50, 13 Oct 2004 (UTC)


 * Well, I feel stupid; naturally it was the PNG->BMP conversion (which I could find no fault in in the first inspection) Apple's Preview application _of course_ dithers the image, even though I just asked for a format conversion with the same colour depth! :-/ convert solved the thing for me; thanks a lot. &#9999; Sverdrup 15:09, 13 Oct 2004 (UTC)


 * Ah, cool. Any ideas on the "Easter Egg" thing above, by the way?


 * If there's something, it's hard to find. It seems though that it's the picture that contains something; regardless of how you AND the other picture, a rough outline resembling the original can be seen. The first image, however, shows no resemblance to the original (to me) when ANDing with 1 or 2 or 3. &#9999; Sverdrup 16:06, 13 Oct 2004 (UTC)

Steganography / watermarking
It is very unclear what the following paragraph:

"Steganography can be used for digital watermarking, where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified. In fact, in Japan "... the Content ID Forum and the Digital Content Association of Japan started tests with a system of digital watermarks 'to prevent piracy' (The Japan Times Online 26-08-2001)."

is doing in this article. First I don't know of any steganographic technique actually used for watermarking. The two have different golas. Second 'tracking' and 'verification' are not usually the main uses for watermarking. It's mainly been copyright protection. Third, many groups and people have tested watermarking algorithms to prevent piracy several years before the Content ID Forum or the Digital Content Association of Japan wake up!

Terrorism
This section is based on a set of rumours. Does the definition for "airplane" include a section about the usage in terrorism?


 * The section mainly debunks a currently widespread rumour, which happens to be the motive for most current public interest in this topic, including nearly all press coverage. If ninety percent of the population had no interest in aircraft other than their usage in terrorism, then that article should indeed include such a section; but unlike steganography, that is not the case. Additionally, this section notes that AQ's own training manuals claim that they do use invisible ink, which is closely related and rather interesting. Securiger 03:51, 13 Aug 2004 (UTC)


 * I agree with Securiger; the terrorism rumours are relevant here. Also, although the section discusses a set of rumours, they are carefully attributed. &mdash; Matt 13:31, 13 Aug 2004 (UTC)
 * And I will chime (not chyme) in as well. Securiger is correct in my view. ww 17:02, 13 Aug 2004 (UTC)

Trees to cat
OK, I give up. I am trying to reveal the cat image by manipulating the tree image. I downloaded the tree image, and opened it with GraphicConverter on my Macintosh. Any hints on what the next step is? How do I perform the "logical and" step?

Yea, n00b. :)


 * There doesn't seem to be a way to do this in GC; I have version 4.x though, and if you have version 5, there _might_ be a way to do it in GC.
 * Logical and is essensially this:
 * The image is a 32-bit image, which means each of the colour channels (Red, Green, Blue) has one byte of information per pixel. Each of these bytes is a sequence of eight bits. When we Do a logical and with 3 (1 + 2 = 3), we keep the two lowest bits:


 * byte AND 3 => result
 * 010011 01 & 000000 11 => 000000 01
 * The higher bits have higher significance, and hence contribute more to the hue/brightness of each pixel; we can use the least significant bits for extra information that is hidden in the picture. &#9999; Sverdrup 15:32, 13 Oct 2004 (UTC)

I agree. Including terrorism here only support fear-based politics and obscuring computing social image.

Stego/terrorism report
A recent news story:
 * "...An internal report obtained by The Canadian Press gives credence to the long-rumoured possibility Osama bin Laden's terrorist network and other extremist groups are using a technique known as steganography to hide the existence of sensitive communications...
 * ...A heavily edited copy of the January 2004 report, Computer-assisted and Digital Steganography: Use by Al-Qaeda and Affiliated Terrorist Organizations, was recently obtained from the Mounties under the Access to Information Act. Among the material stripped from the document is information on how best to detect, extract and view surreptitious messages... &mdash;

Because of this, we may soon have to update the "No corroborating evidence has been produced by any other source." note in this article 's "Rumoured usage in terrorism" section. I'd like to find out a little more about this report first, though! &mdash; Matt Crypto 15:15, 10 Dec 2004 (UTC)

Tree to Cat Example in Delphi
I was facinated by this article and decided to produce a quick application that would convert the tree, per the instructions, into a cat. The final result lacks a lot of color definition, so I would imagine there is still a key part of the algorytm missing from the instructions.

I'll post up the source code if someone can tell me where to put it. In the mean time here's a few bitmaps of the results.

1. Original Image

2. Image AND 3 (boolean operation)

3. Image Multiplyed by 85

John C. Lieurance -- March 2005

That's really cool. Who came up with the original images? And has anyone managed to work out the Pikes Peak Easter Egg yet? (This is way beyond my meagre technical skills). Lisiate 02:20, 4 Apr 2005 (UTC)

Try to put your program in wikisource.org or sourceforge.net Edggar

Well I tried to upload the application and source as a Zip file to the Wikisource and the server wouldn't have it. Its restricted to image / sound files. Sorry but I don't want to go through the trouble of creating a project in sourceforge.net either. I will email anyone the program that wants it, just follow my author link and you'll find my last known email address.

I've been giving more thought to the end result, a red image, and suspect that the final result needs a 256 color palette. Its possible to build such a palette from the original image and re-apply it to the red image using the variance of the red scale, 0 to 255, as a color index. If I get some free time I'll add such a modification to my application to test the theory. John C. Lieurance -- April 24, 2005

Update on the palette. The original tree image contains 13,323 colors. The original cat image contains 40 and my Delphi driven image contains 4 colors. There's no easy way to move the color palette over from the 13,323 color image, but I did move the original cat image (40 colors) over to my Delphi driven image. The results were quite interesting. It's closer to what it needs to be but its still a long ways off...



Here's the image from the top right after its been over exposed.



John C. Lieurance -- April 24, 2005

Updated my user id tag to point to my home page. My appologies for the dead link. John C. Lieurance -- August 18, 2005

I think treating the colour channels separately will do the trick. I'll try it and paste the source code on this talk page if it works. Shinobu 13:24, 17 August 2005 (UTC)

It works; I'll put it on my userpage for anyone who's interested, even though it's a really simple bit of code. I suspect converting it to Delphi or any other language won't pose problems. Bye, Shinobu 13:38, 17 August 2005 (UTC)

Image order
Correcting image order. The wrong order was apparently a hack, which worked fine for him, but screws it up for everyone with a browser that is in this aspect standards-compliant. Shinobu 22:44, 25 Jun 2005 (UTC)

Stegano/Terrorism rumors : wrong chronology.
Hello. The first mention of possible usage of stegano by terrorists is not by the New York Times in october 2001, but in USA Today in february 2001, so way before 9/11. The articles are still online, so it's easy to check that. What nobody seems to notice is that they were written by Jack Kelley, who in 2004 was fired in a huge scandal (similar to the Jason Blair fiasco in the NYT) because he admitted that he faked most of his stories. There is even an article about him here in Wikipedia (http://en.wikipedia.org/wiki/Jack_Kelley). I wrote about it there, with all relevant links : http://www.guillermito2.net/stegano/ideas.html (see very last paragraph called "Is steganography used by terrorists?"). I could try to modify the Wikipedia page myself but I never did that so I need to do some tests first on the sandbox. If anyone is interested, go ahead. 132.183.189.207 7 July 2005 15:16 (UTC) Guillermito

Okay, finally I added a paragraph about it. Feel free to smooth out my (bad) english. 132.183.189.207 7 July 2005 16:05 (UTC) Guillermito

Request snipped from main

 * I'm N00B.. i'm not sure about steganography.. can you teach me
 * e-mail-altf4_numeric@yahoo.com
 * One thing.. i make project in stegan- Hiding data in mp3..
 * can you give me some link.. Ok thanks   i owe you:

Thanks you...

Audio Steganography?
Does hiding 'images' in audio data count? See the Aphex Twin article for some links to examples of images placed in audio tracks that are viewable on a spectrogram. SHould this be included int he list of techniques? Lisiate 03:39, 12 August 2005 (UTC)
 * If the audio file is playable, and the data is contained in the audio track, then yes, of course! Shinobu 13:56, 17 August 2005 (UTC)

Alternative method for image sten
I think this method might be easier for non-programmers: 1. Halve the visible image's values. 2. Double them. (by doing this you have just cleared the last bit of each pixel) 3. Divide the values of the hidden image by 256 (so they're either 0 or 1) 4. Add the two images.

The important difference is that Gimp and others (probably incl. photoshop have add and subtract, but not AND).

I have some images, along with value graphs to show how it works. Note me if interested.

--Taejo 16:22, 3 September 2005 (UTC)
 * I would like to propose a few changes to this alogrithm to make it work with our examples. This makes it easier for the reader to experiment.
 * creating
 * 1) Let's divide and multiply the visible image by four -- since we use the lower two bits in the example. 2) Divide the hidden image by 85 (so they're in [0, 3]). 3) Add the two images.
 * reading
 * 1) Divide and multiply by four. 2) Subtract this image from the original. 3) Multiply by 85.
 * I think it's great that someone takes the trouble to cater to normal photoeditors by the way. Shall we put this in the article somewhere? Shinobu 13:24, 4 September 2005 (UTC)

code[c]less mandrel
Every now and then the c is removed and included... but the basic question is "what makes UDP a code[c]less mandrel?". Look up mandrel and you'll see what I mean. I've changed it to "protocol", because that at least makes sense. Shinobu 15:11, 28 September 2005 (UTC)

Playboy
I remember a woman who had written a simple steganography program who posed in Playboy. Does anyone remember who that was?

Opinionjournal.com hat tip
This article was referenced in OpinionJournal.com's Best of the Web Today for Friday, December 9, 2005. | Klaw ¡digame! 04:24, 12 December 2005 (UTC)


 * Hurray, we're famous! Look ma, we're on TV!Tommstein 04:41, 12 December 2005 (UTC)

Online image steganographer (shoping cart icon)
Quite a while back I remeber I saw a site which had a image steganographer (java?) which allowed you to choose a file on your on computer or on the internet and "encode" it on an image of your own choice, a shoping cart icon was placed on the finished image, that icon worked somewhat as a link to the original file, if it was a html the browser would open it, if it was a downloadable file the "save as" window was showed.

I would like to ask if anyone knows the url for that site as I lost it. Thanx for the attention

edit: as mather of fact, I would like to know about any online steganographer.

TiagoTiago 03:05, 19 January 2006 (UTC)

OTP - isnt this a slight mistake?
"in most cryptosystems, private symmetric session keys are supposed to be perfectly random. Even very weak ones (e.g. shorter than 128 bits). This means that users of weak crypto (in countries where strong crypto is forbidden) can safely hide OTP messages in their session keys."

In the keys?? That would be an OTP msg 128 bits long, right? Isnt even the encrypted data, regardless of the strenght of encryption, perfectly (or similarly) random? For instance, this is what the Truecrypt says about that:

"No TrueCrypt volume can be identified (TrueCrypt volumes cannot be distinguished from random data)."

Isnt this precisely because its encrypted (provided the algorithm and implementation are good) ?

This article also says:

"Concealing ciphertext within ciphertext. The method builds upon the security of the underlying cipher. If the cipher is secure, this steganographic method provably resists any statistical analysis."

Again, isnt the fact that the ciphertext is (hoped to be) perfectly random, and the hidden cypertext is perfectly random, regardless of the strenght of the encryption, the reason that no steganoanalytical method can detect the presence of the hidden data?

So, I would think that someone wishing to use OTP on the manner presented in the fragment I am inquiering about could use the encrypted data, not just the key, as their one time pad, and use it as a huge key (as it has to be) for Vernam cypher? Though used like that, I guess then the encrypted plaintext would be the misdirection, and the cyphertext would be of actual value - the one time pad.

Also "Thus, any perfectly random data can be used as a covertext for a theoretically unbreakable steganography." is a bit confusing - I do see the parallel between steganography and otp, but in the article about otp, its charactarised as a cypher, as a regular cryptographic, not steganographic method.

And thats how this article characterises it here too:

"The one-time pad is a theoretically unbreakable cipher that produces ciphertexts indistinguishable from random texts"

In any case, i could be interpreting this fragment wrong; indeed i find it confusing.

--aryah
 * OTP is the only theoretically secure Stego: provided that people use good RNGs for OTP and generating session keys, it is easy to prove (using math) that noone will ever be able to distinguish which session keys contain OTP messages.


 * "Ciphertext within ciphertext" rely on ciphers that are not secure from a theoric POV: Shannon has proved that the only unbreakable cipher is OTP like (i.e. an unbreakable cipher must have keys at least as long as the plaintext).


 * In other words: only unbreakable ciphers generate ciphertexts that are really (proven to be undistinguishable from) random. And Shannon has proven that the only unbreakable ciphers are OTP like.


 * --Gilbertera