

Show HN: Hide Messages in Images with Steganography - tagx
http://mit.edu/~georgiou/www/steganography/

======
DanBC
I'm a bit drunk, so uh, yeah.

LSB steganography is trivially easy to detect. Do not use LSB steganography.

Steganography can be provably secure, with the correct amounts of plain text
and "cover data".

Here's one PDF. (<http://www.cs.cmu.edu/~biglou/PSS.pdf>)

Some people need this kind of stuff to work to avoid torture or other serious
consequences, but most implementations are toys to demonstrate proof of
concept or to play with the ideas.

tl:dr a real cryptographer will be along to correct my mistakes and provide
sensible links.

~~~
davepeck
I'm not a cryptographer.

That said: the PDF you link to seems to show that provably secure
steganography (as defined by this paper) exists if, and only if, one-way
functions exist. (See section 5.3)

It so happens that if one-way functions exist then, as a corollary, P != NP.
In other words: if steganography is provably secure, P != NP.

So let's not get ahead of ourselves. ;-)

~~~
batgaijin
Isn't a hashing function one-wayish enough?

~~~
DanBC
But is it provably mathematically one way?

------
gw
Interesting work. My own JS stego tool uses a similar technique, though I
implemented encryption and message scattering as well:

<http://oakes.github.com/PixelJihad/>

------
jnazario
and detect those messages in plain sight.

<http://www.outguess.org/detection.php/>

------
pizza
Related: Lenna <http://en.wikipedia.org/wiki/Lenna>

~~~
tagx
I was hoping someone would pick up on the reference!

~~~
Jun8
Being a EE, I bought the Nov'72 issue at one of the Printer's Row Book Fairs,
guy asked only about $3 for it, probably didn't know the significance.

Never learned the back stories of other famous images that may be older than
"Lenna", e.g. "Girl" and "Cameraman".

------
atmz
I wrote an essay/slides a while back which may be of interest to people
wanting to know a bit more about basic steganographic image creation and
detection: [http://www.cl.cam.ac.uk/teaching/0910/R08/work/slides-
at443-...](http://www.cl.cam.ac.uk/teaching/0910/R08/work/slides-
at443-steganography.pdf)
[http://www.cl.cam.ac.uk/teaching/0910/R08/work/essay-
at443-s...](http://www.cl.cam.ac.uk/teaching/0910/R08/work/essay-
at443-steganography.pdf)

Quick improvement to the LSB method: Use JPEG and embed the data in the LSB of
the DCT coefficients (still detectable, but not as trivially)

Cool demo though - I'd add a disclaimer though. It's easy to think that it's
obvious that people shouldn't use this to store their password in, say, their
Facebook profile photo, but..

------
liyanchang
Actually a really cool way of storing passwords in plain sight.

EDIT: Though if you were really secure, you shouldn't be typing your passwords
into a third party website in plaintext. Alas, I'll have to write my own.

~~~
hk_kh
That's an interesting idea.

A big QR-code in your table is something obvious to scan, and aesthetically
ugly. A framed picture not so much, and could serve a similar purpose.

------
yankoff
Nice. I implemented it in Ruby once <https://github.com/yankov/steganograph>

------
poundy
LSB steganography works on PNG (lossless compression). Saving it as a jpg file
causes data to be lost.

------
mksm
nice! we integrated this with FUSE for one of our class projects
<https://github.com/maksim-s/JKS-FS>

