Stegdetect 0.4 released and results from USENET search availa ble

Trei, Peter ptrei at
Fri Dec 28 14:40:02 EST 2001

There's a much simpler reason why few or no stego'ed messages are
present in usenet images: They form an inefficient  and unneeded 
distribution mechanism.

Try taking a peek at the Usenet newsgroup alt.anonymous.messages.
Dozens for PGP'd messages a day, from our old friends Secret Squirrel, 
Nomen Nescio, and Anonymous. 

Usenet has some very good properties for those wishing to maintain
privacy: multiple entry points, including from mail2news gateways,
flooding distribution independent of message content, and knowledge
of who reads what is restricted to the server from which the news is
read (and there are 1000's of news servers, as well as web based
systems such as But you already know this.

Posting PGP to aam also avoids the bandwidth bloat imposed by stego,
and the extra complication of having to stego and destego images, as
well as generate the images used for cover.

Why would anyone bother hide tiny messages in ebay images or
alt.binaries.erotica.bestiality.hamster  when they can just post to 

Peter Trei

> ----------
> From: 	Niels Provos[SMTP:provos at]
> Sent: 	Friday, December 28, 2001 4:33 AM
> To: 	Arnold G. Reinhold
> Cc: 	cryptography at
> Subject: 	Re: Stegdetect 0.4 released and results from USENET search
> available 
> In message <v04210101b84eca7963ad@[]>, "Arnold G. Reinhold"
> writes:
> >I don't think you can conclude much from the failure of your 
> >dictionary attack to decrypt any messages.
> We are offering various explanations.  One of them is that there is no
> significant use of steganography.  If you read the recent article in
> the New York Times [1], you will find claims that "about 0.6 percent
> of millions of pictures on auction and pornography sites had hidden
> messages."
> >2. The signature graphs you presented for several of the stego 
> >methods seemed very strong. I wonder if there is more pattern 
> >recognition possible to determine highly likely candidates. I would 
> >be interested in seeing what the graphs look like for the putative 
> >false alarms you found. It also might be interesting to run the 
> >detection program on a corpus of JPEGs known NOT to contain stego, 
> >such as a clip art CD.
> The following slides contain examples of false-positives
> In my experience, eliminating false-positives is not quite that easy.
> Some graphs look like they should have steganographic content even
> though they do not.  Any test will have a false-positive rate, the
> goal is to keep it very low.
> >3. If you did succeed in decrypting one of Osama Bin Laden's 
> >missives, wouldn't he have a case against you under DMCA?
> Good question.  The panel about the DMCA at the USENIX Security
> Symposium seemed to indicate that the exceptions built into the DMCA
> have no real meaning.  In my understanding of the American legal and
> judicial system, it is not possible to know what is right or wrong
> according to some law until one has been taking to court about it.
> Niels.
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at
This e-mail, its content and any files transmitted with it are intended
solely for the addressee(s) and are PRIVILEGED and 
CONFIDENTIAL.  Access by any other party is unauthorized without the express
prior written permission of the sender.  If 
you have received this e-mail in error you may not copy, disclose to any
third party or use the contents, attachments or 
information in any way, Please delete all copies of the e-mail and the
attachment(s), if any and notify the sender. 
Thank You.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list