[Cryptography] Source code that looks like completely different source code

Ray Dillinger bear at sonic.net
Sun Dec 12 20:07:17 EST 2021


I noted a bit of research the other day (Bruce Schneier pointed it out
on his blog):

https://trojansource.codes/trojan-source.pdf

The skinny is that by abusing bidirectional control in Unicode, hackers
can create source code that is rendered by the Unicode bidi algorithm in
a way that looks to humans exactly like innocent code that does what it
is supposed to do, but when read by the compiler (which sees the
characters by sequence instead of by position) is actually code that
does something completely different and likely malicious.

I don't know whether this is 'steganography' as commonly understood, but
the idea of hiding one message in what appears to be another seems to be
relevant, as does the threat to digital security.

Bear


