13 comments

[ 1.9 ms ] story [ 10.3 ms ] thread
Sounds stupid. Steganography + Vernam cipher makes it impossible to detect and decrypt. Why would you artificially weaken it?
The difference is you'd have to transmit the one time pad; which is a big secret. In this case, it's like everyone is using the same pad but you have to do a bunch of work to find out where to start.
I shouldn't judge a book by its cover, but "topchicksdigengineeringguys.blogspot.com"?
The author has absolutely no clue what he is doing - don't even touch this with a stick. You can spot high entropy data hidden in the least significant bits of an image from a mile away unless you work hard to not disturb statistical properties. And the code is a mess, too.
Well it was posted by "IHaveNoIdeaWhatImDoing", but in all fairness he does say he is open to more help.
Heh :) Better to jump in and learn than stay out and never try. Also yea, the code is kind of a mess. I don't have a lot of free time. But it works and shows the basic idea.
I wouldn't say I have no clue. But I'm certainty not an expert. Can you cite a source that shows that if I randomly twiddle some of the lower bits in an image, it is detectable? If any (even random) change to an image is detectable, then it would be true that this doesn't work.
First, I really don't want to discourage you. I have myself reinvented a lot of stuff from a raytracer over a database to a kernel and a lot more. A simple steganographic tool, too. I think this is a great way to learn things, because it really makes you realize the complexity involved, how much effort other people have put into figuring things out and why some things look so quirky and make you think you can do it way better. But don't be fooled, chances are pretty close to zero that you will come up with an idea that has not been tried and dismissed long ago. There are a lot of people out there much smarter than you and me. So reinventing stuff is good for learning, but improving on the state of art and coming up with something useful for others is really pretty unlikely.

Now having no clue may sound a bit insulting but it was really not meant as a personal attack. But just by searching for »detecting steganography in images« you will easily find a lot of papers and even software dealing with this and they also deal with your idea of a randomized embedding in the least significant bit. You obviously did not research what other people have tried and what works and what not and that is why I called it clueless. The abstract of »Reliable Detection of LSB Steganography in Color and Grayscale Images« [1] from 2001 and one of the top search results for me starts with the following abstract.

We describe a reliable and accurate method for detecting least significant bit (LSB) nonsequential embedding in digital images. The secret message length is derived by inspecting the lossless capacity in the LSB and shifted LSB plane. An upper bound of 0.005 bits/pixel was experimentally determined for safe LSB embedding.

So this idea has been rendered obsolete at least a decade and a half ago unless you only want to embed tiny messages in huge images. Hiding only a single tweet requires a uncompressed image of 0.64 MiB to remain safe. And I did not search for it, but there may be other algorithms making the situation even worse. And using lossless compression is a nonstarter to begin with because you will stick out of the sea of JPEG images. But there are of course ways to embed hidden information in JPEG images, but again there are also ways to detect this.

[1] http://www.ws.binghamton.edu/fridrich/Research/acm_2001_03.p...

Note, the submitter is the author.
Reading the description I was wondering how it was working because it says during encoding it hashes the image to create a key and during decoding it hashes the image to create a key. But if it is hashing the whole image these keys cannot be the same. But when you look at the code it is not hashing the whole image. It is only hashing a subset of the bits. :)