Maybe no stego on eBay afterall
Jim Gillogly
jim at acm.org
Fri Jul 19 19:20:38 EDT 2002
Peter Wayner wrote:
> At 10:34 AM +0200 7/19/02, Hadmut Danisch wrote:
>> What's the hamming distance between eBay pictures/messages
>> "containing" stego contents?
>>
>> What's the probability that a random, clean picture is
>> falsely tested positive? How many "unusual" bits does it take
>> to make a picture appear as being a stego pic?
>
> You can draw the line anywhere you choose. You want more positives? You
> just move the bar. You want less? You move the bar. The mechanism is
> scientific, but it's also based on statistics and it's impossible to
> predict what kind of image will carry what length message.
...
> So even though there's some cool science in the process, there's no
> scientific way to draw the line.
It depends on the program used to insert the stego. At least
one popular program (popular because it has a very slick user
interface and is free) leaves a clear signature, and, in fact,
is easy to break. I've extracted the data from some stegged
pictures in puzzles, but have never encountered it in the wild.
It's also possible to detect stego if you happen to find the
original picture that was stegged.
I doubt that the reported eBay sightings were of this scientifically
undeniable sort: if it was more than somebody pulling statistics
out of their -- umm -- noses, it was more likely somebody noting that
the stegdetect program reported "jphide(**)" or some such thing on some
subset of the pictures. That's not sufficient -- stegdetect reports
the same thing on a small subset of the pictures I've been taking of
my new grandson.
--
Jim Gillogly
Mersday, 26 Afterlithe S.R. 2002, 23:13
12.19.9.7.10, 3 Oc 3 Xul, Sixth Lord of Night
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list