Cryptography Reference
In-Depth Information
sitting around not doing anything. If someone tries to open them up
with an editor like a word processor or even tries to examine them
with a File Manager, they'll find nothing. This is just empty space to
the operating system. But this doesn't mean it can't hold anything.
Information can be written into these sectors and left around. The
only way it can be corrupted is if someone writes a new file to the
disk. The operating system may assign those sectors to another file
because it thinks the space is free.
S-Tools stores information in this free space by choosing empty
sectors at random. The first sector gets the header of the file which
specifies the length and the random number seed that was used to
choose the sectors. Then the information is just stored in this string
of sectors selected at random.
If encryption is used, the random number generator uses the en-
cryption key as a seed. This means that a different selection of ran-
dom sectors will be chosen. The data itself is encrypted with any of
the five algorithms offered in the other two implementations of S-
Tools.
At the end, S-Tools offers to write randomnoise in the extra space
that is not taken up by the hidden file. This is often a good idea be-
cause the empty space may often have some pattern to it left over
from the last file it stored. Ordinarily, disk space is not actually
cleared off when a file is erased.
The entry in the FAT table is just changed from “assigned” to
“empty.” The old data and its pattern are still there. This means
that someone could identify the sectors of a floppy disk containing
hidden information by looking for the ones that have random infor-
mation. The ones that contain scraps of text files or image or ordi-
nary data would be presumed innocent.
4
S-Tools will overwrite this
to convert the unallocated sectors into a sea of noise. This is equiva-
lent to using a new disk.
9.5 Putting JPEG to Use
The first part of this chapter lamented the effects of JPEG on image
files holding data in the least significant bits. The lossy compression
algorithm could just mush all of that information into nothingness
because it doesn't care if it reconstructs a file correctly. Although this
can be problem if someone uses JPEG to compress your file, it doesn't
4
You coul d fir s t use
st-bmp.exe
or
st-wav.exe
to hide the information in a picture
or a sound bite. Then you could store it in the unallocated sectors. Then it would look
like random discarded information.