<nettime> "Pirate Utopia," FEED, February 20, 2001
Ray Dillinger
bear at sonic.net
Mon Sep 24 14:44:51 EDT 2001
On Mon, 24 Sep 2001, Nomen Nescio wrote:
>The Stegdetect paper proceeded to further analyze the 20000+ images by
>looking for passwords that would produce meaningful messages from the
>hypothesized hidden content, via dictionary attack. No valid passwords
>were found, and the authors concluded therefore that these were all
>false positives. This does not seem to be a fully supported conclusion.
Actually, dictionary attacks reveal about sixty percent of passwords,
so for every six passwords you find on a dictionary attack, you can
infer ten actual stegotexts times the ratio between your analyzed and
discovered (possibly-false) positives.
While he has analyzed only two percent of his sample, that's a sufficient
number that if even even a tenth of one percent of his positives were
real he'd have discovered at least a few passwords.
The paper is solid statistical methods; lack of any dictionary-yeilding
passwords in that big a sample is very strong evidence that the sample
is overwhelmingly made up of false positives.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list