Ramblings & ephemera

Bruce Schneier on steganography

From Bruce Schneier’s “Steganography: Truths and Fictions“:

Steganography is the science of hiding messages in messages. … In the computer world, it has come to mean hiding secret messages in graphics, pictures, movies, or sounds. …

The point of steganography is to hide the existence of the message, to hide the fact that the parties are communicating anything other than innocuous photographs. This only works when it can be used within existing communications patterns. I’ve never sent or received a GIF in my life. If someone suddenly sends me one, it won’t take a rocket scientist to realize that there’s a steganographic message hidden somewhere in it. If Alice and Bob already regularly exchange files that are suitable to hide steganographic messages, then an eavesdropper won’t know which messages — if any — contain the messages. If Alice and Bob change their communications patterns to hide the messages, it won’t work. An eavesdropper will figure it out.

… Don’t use the sample image that came with the program when you downloaded it; your eavesdropper will quickly recognize that one. Don’t use the same image over and over again; your eavesdropper will look for the differences between that indicate the hidden message. Don’t use an image that you’ve downloaded from the net; your eavesdropper can easily compare the image you’re sending with the reference image you downloaded.

Comments are closed.