I'm surprised to see someone of Bram Cohen's caliber releasing something like this. No one has any business coding security tools unless they've taken time to read forensics whitepapers to look for reasons why their tool won't work. And this tool certainly won't work.
The goal of steganography is to hide the fact that you've transmitted messages. The longer the message, the harder that becomes. This may be suitable for hiding a few bytes, but no useful message is going to be a few bytes, unless it's something like a decryption key (and hiding a decryption key using stego would be crazy). This doesn't solve the problem of "law enforcement wants to know what your decryption keys are, because they've detected you're encrypting data." The whole point of stego is to avoid that scenario.
Anyone who's interested in steganography should start here: http://www.cl.cam.ac.uk/~rja14/Papers/jsac98-limsteg.pdf ... No one who reads that whitepaper and understands its implications would take this tool seriously.
EDIT: To clarify: a message as short as ~50 bytes can often be detected, depending on the stego implementation, because even that is enough to cause statistical anomalies in the covertext which indicates that an encrypted message is hidden in the covertext. So I'm not talking about detecting images or videos sent via stego; just encrypted plaintext messages.
Let's not get personal. I only mentioned your name because it was in the headline, not to bully anyone.
I know this is a framework. But the problem with stego is that as soon as you release your code, you make it almost trivial for law enforcement to detect that you're using stego. It's a catch-22: you want people using the code, but you don't want law enforcement knowing what code you're using, because then they can just use the same code to detect that you're using stego, which defeats the purpose of stego.
This isn't theoretical. Each time someone releases a new stego tool out into the wild, forensics companies add it to their own frameworks for detecting stego.
Let me be clear: I want you to succeed, and I think it's a great thing that so much effort is being put into developing these sorts of tools. But you have to say something like "Don't use this tool yet! It's not ready for production!" ... The way it was presented here made it sound as if it's ready to be used, but anyone who uses it in its current state will be swiftly detected by law enforcement.
Let's put it another way. Do you think the 120 people who upvoted this did so because they understood this is "just a framework / reference," or because they were hopeful this actually works? It's not fair to them not to include a disclaimer saying this shouldn't be used. The way the README is written makes it sound like you're encouraging people to use it, even though it's not intended to be used.
> Let's not get personal.
right after saying
> I'm surprised to see someone of Bram Cohen's caliber releasing something like this.
I'm just worried that people will see his name, see that he's saying things like "this tool is ready to be used," and then actually use this, just because "It's Bram Cohen," and end up getting themselves caught.
Have you spent much time researching why current stego tools have all failed? The way you're endorsing this makes it sound like you haven't, and you're putting people in danger by pretending like law enforcement is incompetent.
Remember, law enforcement somehow managed to acquire an image of Silk Road's server, even though they were running it as a Tor Hidden Service, and they also managed to recover >100k bitcoins from DPR. All of this was done through forensics. Are you claiming that this tool is secure against such an adversary?
Hopefully someone will write a program called "DissidentXDetector" before law enforcement does. The myth that this generates undetectable messages needs to be debunked before people start trusting this.
Q. Can someone detect that a file has messages encoded in it?
A. That depends on the encoding used and the properties of the file the data is being encoded in. There's a whole field of academic literature on steganography, none of which is invalidated by this code. What this code does is vastly simplify the implementation of new steganographic techniques, and allow a universal decoder and encoding of multiple messages to different keys in the same file.
Q. Can someone detect that a file has messages encoded in it?
A. If the file was generated with an encoder whose code is public (i.e. Github, bitbucket, ...) then yes. Always. And even if the code is private, it may not be secure. Unless you come up with an encoding scheme that's never been thought of before, then law enforcement will likely be able to detect the encoded messages unless they're trivially short.
At best, this framework provides a way for people to write stego encoders that they don't plan on releasing publicly. But you should say that! Warn people how dangerous it is to be releasing their stego code. And warn people not to trust any of the default encoders.
It's not as easy to iterate on stego techniques as you're implying. There are only so many ways to creatively hide a message. And if people happen to come up with a scheme which has already been broken in the past, then their encoder will provide no security at all. They'll trick themselves into believing they're secure, when they're not.
I am interested in how this scheme is different from https://fteproxy.org/ though.
Check out http://www.cl.cam.ac.uk/~rja14/Papers/jsac98-limsteg.pdf and related literature. In particular this quote:
Shannon provided us with a proof that
such systems are secure regardless of the computational
power of the opponent . [...] Yet we still
have no comparable theory of steganography.
The problem is that there's no such thing as perfectly secure stego (undetectable covert messages), even though there is perfectly secure encryption (unbreakable encrypted messages, regardless of the computational power of the adversary, when implemented correctly, and when not defeated via side channel attacks, and when not compelled to cooperate by a judge).
More generally, "we do not have a proof" does not mean "we disprove". You also completely ignored my point about the secret, without which the encoder will not work when an attacker tries to run it.
Obviously it's not perfect. Obviously a totalitarian regime which suspects you of dissident activity will pick any reason out of thin air to lock you up for as long as they like, or just execute you.
But being able to say "here's the keys" with them having no way to know if they are all the right keys, is at least something.
Though of course at best you won't keep those files on your PC in the first place. You'd keep them on a microSD card that you keep in a tiny pouch under your skin. You'd keep them encoded in photos you have printed out and hung as wall pictures. You'd have them embedded in a well-torrented movie and backed up willingly by hundreds of thousands people (though not you). And if you just use them to send encoded messages, neither you nor the recipient will ever store them on an hdd.
I mean, you're not stupid, right?
Your argument appears to concern only the risk in openly publishing encoders. Are you also arguing that Bram's framework encourages such publishing? If not, then what exactly is your beef with it (the framework)?
An effective dissident is going to employ some reasonable opsec practices and have multiple layers of security, they're not going to be foolish enough to think that one program is a magic bullet.
The stereotypical intro to crypto 101 message "attack at dawn".
Although I agree if the point is to sneak out multi-gig video footage of war crimes, this isn't going to work very well.
Hide messages in SPAM Text:
Dear Decision maker , We know you are interested in
receiving amazing intelligence . This is a one time
mailing there is no need to request removal if you
won't want any more . This mail is being sent in compliance
with Senate bill 1625 ; Title 4 ; Section 302 . THIS
IS NOT MULTI-LEVEL MARKETING ! Why work for somebody
else when you can become rich as few as 33 days . Have
you ever noticed people love convenience and more people
than ever are surfing the web ! Well, now is your chance
to capitalize on this ! WE will help YOU decrease perceived
waiting time by 190% and increase customer response
by 150% . You can begin at absolutely no cost to you
. But don't believe us . Ms Ames of Washington tried
us and says "I was skeptical but it worked for me"
. We assure you that we operate within all applicable
laws . We implore you - act now ! Sign up a friend
and you get half off . God Bless !
So, good work.
Steganography that is implemented correctly then requires reasonable amounts of cover text, and small amounts of hidden text.
NSA fucking loves steganography because most of it is a toy implementation where someone hides text in the LSB of the bytes of a gif or jpeg. The ratio of cover:hidden text is terrible. And the implementer forgot to mention that it's just a toy and not to be used seriously.
The number of decently implemented steganography systems is small.
Thanks for pointing that out.
To answer the question: It shows up as a specific type of noise that's easy to detect. Some of the crypto / math people will be able to explain it much better than I can.
Ahhh. What if you were to use a video instead of a still image and only use a handful of pixels (or macroblocks) in each frame, chosen randomly (the random seed exchanged out-of-band)? Seems like that would give you a very high cover:hidden text ratio.
It would, but that doesn't change the principles used to detect the steganographically encoded cyphertext. The bits would still be twiddled in the same way, and could be found in the same way.
You could flip a single, random, least-significant bit on each frame of a 1 hour movie. This would allow you to store a 10.5KB encrypted message within. I'd like to know how anyone could possibly find those bits, let alone decipher them.
If I'm the Secret Police in some oppressive state, then I just need to find out whether you seem to be using stego — which is naturally against the law, itself, and hence grounds for arrest. Then, I can use rubber hoses, bamboo splinters, the threat of violence against your loved ones, and what-not to "brute force" your passphrase.
If I'm the NSA, I just detect the presence of stego and stash the container for later — say, when my quantum computer finally works as advertised, or I can plant a keylogger or turn on the back door on the your computers and sniff your passphrase, or simply mine your social graph until I find some other means of compromising you.
The possibilities are hardly limited to a naïve, brute-force search across the set of (crypto algorithm, passphrase) tuples.
EDIT: But, to your point: yes, using video makes finding stego harder. It doesn't change the nature of the problem, though; it just changes its scale. Against adversaries with the computational power of a modern nation-state, however, if you're relying on scale to hide your behavior, licit or otherwise, you're only deluding yourself.
Me? I'm the entire population of the country. Which one of us is using stego?
To my reckoning, the search space would put the number of atoms in the universe to shame.
>"Uncrackable encryption is allowing terrorists — Hamas, Hezbollah, al-Qaida and others — to communicate about their criminal intentions without fear of outside intrusion," FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities."
So law enforcement is fine with encryption so long as it's crackable...
The author has cited terrorists training manuals elsewhere on his blog, that are apparently available publicly online, dated from as early as 2003 with security guidelines to not use email or talk on cellphones.
TLDR: The adversary can easily stop using email/cellphones to discuss plans. Do they still use email/cellphones for other reasons? Sure most likely, as was shown in Zero Dark Thirty, but not in any meaningful way that can be usefully gleaned from a mass-surveillance approach. Therefore the large investment and privacy trade-offs to the greater society isn't worth it.
From same source as previous comment: https://twitter.com/thegrugq/status/407662098093580288
You succeeded to put 3 different ethnic groups - I should say 2, the last one being an US product - in the same bag and doing then, a misleading association, fucking idiot!
I'm not sure exactly how you'd define a steganographic protocol. It's not quite as straightforward as cryptography, in fact it's yet again oxymoronic. Steganography (at least ideally) works somewhat like an archetypal spy's codebook. It sounds like everyday conversation to you, unless you're meant to know it's not, and that there's a hidden meaning. If you catch something off-guard, then the stego has failed.
There are likely trillions of images available on the Internet. I would imagine less than 0.001% of them have a hidden message. This increases the "haystack" so drastically for the NSA that, even if 100x as many people started using it, it's still a big-ass haystack.
While analysis (breaking) of steganography is long lived there hasn't been much work on creating new better forms.
Just as things like PGP are still hard for regular people to use, and there's no real encrypted chat, there's not much in the way of strong stego.
Obvious caveats apply here: How much does the text need to be hidden? Who does it need to be hidden from? Me hiding my angsty poetry from my sister doesn't need much and anything is going to be okay. But me hiding material that could get me killed, from a well funded government? I need something better than a reference github project.
What about OTP? One of the easiest things to set up and use imo, users just need to know to exchange key fingerprints over a third party medium (in person being the foolproof way).
It is probably not a good idea to hide data in images available on the internet because this enables direct comparison of the same image with and without hidden data.
Since then, there has been a fair bit of really interesting research in the field; I recommend anyone interested read Peter Wayner's book Disappearing Cryptography. Might be a good place to start for enhancing this provocatively named framework.
A. Because not having distinct binary and unicode string types is barbaric.
Hence censorship resisting, not censorship defeating.
Stenography is potentially useful if partial but monitored and censored communication channels remain open. See: The Great Firewall of China, or the postal system in prisons. Some data gets through, but data that they don't like does not. If the data is concealed, you can get it through.
Beyond just stenography, in the Soviet Union and beyond, some writers and artists would use allegory to criticize political figures or the state, enabling them to make points that would otherwise be censored. They could have shut down all film and book production, defeating this technique, but as long as some artistic works were allowed this channel remained open.
I remember in school a million years ago we discussed an algorithm of the following type for sending short covert messages.
1. Negotiate cipher/mapping for where to look for hidden information
2. A wants to send B message "Let's get drinks @ 9 @ Bill's" -- instead of inserting this into some random file, he instead maps to the cipher/mapping area and then iteratively searches for images/texts that are closest possible matches in those bits to his message.
3. Ideally, given access to enough cover files and a short enough message, he has an EXACT match. A sends B picture of puppies with NO bit twiddling. B knows to meet at the pub.
Q. Why can't it be given more than two alternates for one position to encode more information?
A. Because of math. See Explanation.txt for a bit more detail.
"Q. Why can't it be given more than two alternates for one position to encode more information?
A. Because math. See Explanation.txt for a bit more detail."