Stegdetect 0.4 released and results from USENET search available

Niels Provos provos at
Fri Dec 28 04:33:10 EST 2001

In message <v04210101b84eca7963ad@[]>, "Arnold G. Reinhold" writes:
>I don't think you can conclude much from the failure of your 
>dictionary attack to decrypt any messages.
We are offering various explanations.  One of them is that there is no
significant use of steganography.  If you read the recent article in
the New York Times [1], you will find claims that "about 0.6 percent
of millions of pictures on auction and pornography sites had hidden

>2. The signature graphs you presented for several of the stego 
>methods seemed very strong. I wonder if there is more pattern 
>recognition possible to determine highly likely candidates. I would 
>be interested in seeing what the graphs look like for the putative 
>false alarms you found. It also might be interesting to run the 
>detection program on a corpus of JPEGs known NOT to contain stego, 
>such as a clip art CD.
The following slides contain examples of false-positives

In my experience, eliminating false-positives is not quite that easy.
Some graphs look like they should have steganographic content even
though they do not.  Any test will have a false-positive rate, the
goal is to keep it very low.

>3. If you did succeed in decrypting one of Osama Bin Laden's 
>missives, wouldn't he have a case against you under DMCA?
Good question.  The panel about the DMCA at the USENIX Security
Symposium seemed to indicate that the exceptions built into the DMCA
have no real meaning.  In my understanding of the American legal and
judicial system, it is not possible to know what is right or wrong
according to some law until one has been taking to court about it.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list