<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 26, 2016 at 12:29 PM, Ryan Carboni <span dir="ltr"><<a href="mailto:ryacko@gmail.com" target="_blank">ryacko@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">The Russian Illegals spy ring in New York used steganography.<br>
<br>
The Caliphate cell in Brussels used truecrypt files uploaded to<br>
cyberlockers in Turkey. But the grugq notes that truecrypt files would<br>
probably have a fixed size (and even with a random length, it would<br>
still round to kilobyte sizes), so it wouldn't be so simple.<br></blockquote><div>.... </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
in the PDF file. The text and images of the PDF file could be<br>
procedurally generated.<br></blockquote><div><br>If one was willing to corrupt a truecrypt file algorithmically </div><div>and perhaps strip or hack checksum checking multiple </div><div>layers of hidden messages could be in the apparently </div><div>random bits. This applies to any encrypted or encoded </div><div>message. </div><div><br></div><div>PDF files are rich in possible stenography tricks. PostScript</div><div>is even richer because it is a rich programming language as</div><div>well.<br><br><a href="http://partners.adobe.com/public/developer/en/pdf/PDFReference.pdf">http://partners.adobe.com/public/developer/en/pdf/PDFReference.pdf</a><br><br></div><div>"PDF character set is divided into three classes, called regular, delimiter, and
white-space characters. </div><div>This classification determines the grouping of characters
into tokens, except within strings, streams, </div><div>and comments; different rules apply
in those contexts."</div><div>Start with comments...</div><div class="gmail_quote"><br></div>Font-hackery alone makes some PDF/PostScript messages odd to read and is perhaps</div><div class="gmail_quote">a handle for steganography too. i.e ignore all serif and kerning characters, or key on all </div><div class="gmail_quote">serif characters. The secret key could be hidden thus:</div><div class="gmail_quote"> Yes <i>Bob</i> <i>is</i> not <i>your uncle, <b>Fred</b> is</i>. <br>Font files can be scrambled Rot13 and beyond. <br><br>A Turtle graphics program could draw a message... or a jumble depending on </div><div class="gmail_quote">a simple transformation to the source.</div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br><div><br></div><div> <br></div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>