

DarkJPEG - DarthRa
http://n0where.net/darkjpeg/

======
andrewcooke
is there any evidence that the steganography here is undetectable? i would
have thought that uniformly random data in the low bits of an image's data
(pixels or fourier coefficients or whatever) was a clear signature for anyone
trying to find these things. aren't they naturally correlated in various ways?

also, something like tineye can be used to retrieve web-sourced images for
comparison, which would make any hidden data really obvious (and a smooth
gradient would be even more suspicious if the lowest bits weren't smooth).

what is the state of the art in steganography? is it feasible for reasonable
bandwidth? what are the best carrier data to use? do phone cameras provide raw
images or are they always jpegs? i guess a webcam video uploaded to youtube
has the advantages of large data volume, unique content, and wide visibility.
but do they reformat?

~~~
nitrogen
_also, something like tineye can be used to retrieve web-sourced images for
comparison, which would make any hidden data really obvious (and a smooth
gradient would be even more suspicious if the lowest bits weren 't smooth)._

Smooth gradients are only smooth if you add noise to the lower bits, due to
having only 256 color levels per channel. A comparison:
[http://imgur.com/0cJWm8t](http://imgur.com/0cJWm8t)

Those color bands are indeed only one color value apart per channel; the first
visible band is rgb(50, 120, 50), while the second is rgb(51, 119, 51).

~~~
anonymous
The banding is almost imperceptible though. I had to get close to the monitor
and squint a lot to see it.

------
ynniv
Doh, some of these options seem horrible: eg, allowing the data to be
extracted automatically using standard tools. If you can automatically detect
hidden data, it's only hidden from people who aren't looking. If your data is
worth hiding, it's worth hiding from people who know how to use "find -exec"
(or had someone else set up an automated sweep program for them).

------
vog
_> Supported container types: [...] rand, which downloads a random image from
Wikimedia;_

I honestly don't see the point of that container type. How much useful is
steganography if the original JPEG is publicly available for comparison? How
could anyone ever plausibly deny that?

"You were emailing this image from Wikimedia, but made subtle modifications to
the file. Can you explain this?" \- "Umm ... I guess I downloaded it via a
noisy internet connection." ?!

~~~
nicholassmith
Resize it, or perform a similar change so the file sizes wouldn't match up.

~~~
anonymous
Comrade Smith, you have emailing picture wikimedia's, but you altering it. Why
it resized when you having fast internet connection? We know you hiding
message with steganography and requesting key. You will remaining in solitary
confinement until key given.

------
alanh
Props for using social media share nag images that _do not_ load from
Twitter/Facebook/Google until click. :) Better speed _and_ better privacy for
end users.

------
chowells
No one's worried about the entire concept? It seems a little counter-intuitive
to tell someone else your secrets, so they can hide them.

~~~
hobs
I would argue that to most people who download the tor browser that is
effectively what they are doing.

As has been shown before, open and closed source products people use
(including security software) has been time and time again proven to be
insecure.

I still would be somewhat wary to use this site for actual stuff I care about,
but its a cool site and a cool little idea.

~~~
Chris2048
shown before where?

------
yid
What, pray, is "SHA3 key generation"

~~~
ChuckMcM
Well it's got to be super sekrit so it needs the best SHA algorithm, what
better than the one that even the NSA hasn't picked yet? :-)

~~~
yid
Oh I'm sure the _NSA_ has already picked it ;) NIST just hasn't yet...

~~~
harshreality
Keccak was picked by NIST last October as the winner of the SHA-3 competition.

------
RankHorror
I don't click on dodgy links.

