Cryptography Reference
In-Depth Information
logical consequences. A less rigorous piece of software may be able
to do a good job of testing for errant code.
The parsers for XML, for instance, can test to see whether XML
conforms to a well-defined model. Extra tags and attributes are
flagged and reported. Even if most software can't rely on these rules,
they exist and do a good job of checking the data flowing along the
wires. The XML standard, though, isn't Turing-complete and so it's
possible to build a fairly straightforward testing tool.
21.4 Summary
Almost every data format has plenty of loopholes that can be used to
add extra data. If the code reads the first n items on a line, you can
stick more information after the nth item. If there's a special end of
file marker, say a zero, then you can add more after the zero. This
technique makes it easy to add information in many cases.
A neat trick is mixing together two files with head-first and
tail-first ordering of data like the GIF format and the ZIP formats. If
these two parts are glued together, decoding algorithms will frequently
fail to notice the other half. This lets a GIF hitch a ride on a ZIP
file and a ZIP file hitch a ride on a GIF.
The Disguise Information is stored in the spare corners of data files,
a surprisingly easy process.
How Secure Is It? It may be theoretically impossible to detect that
a piece of software is capable of reading or hiding extra data
in a file. This theoretical barrier, though, may not have much
practical weight.
How to Use It? The simplest solution may be to glue together a ZIP
and a GIF file. Or just add extra nodes to an XML file.
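Seen from the checking side, the GIF and ZIP combination summarized above can be tested for directly. The following is an added example, not code from the book: it walks a GIF's block structure to the trailer, counts the bytes left after it, and tries to read the whole file as a ZIP archive. The function names are hypothetical and the sample GIF and archive are constructed for the example.

```python
import io
import zipfile

def gif_end(data: bytes) -> int:
    """Walk the GIF block structure; return the offset just past the 0x3B trailer."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13                                   # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                        # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    while True:
        kind = data[pos]
        if kind == 0x3B:                       # trailer: a GIF decoder stops reading here
            return pos + 1
        if kind == 0x21:                       # extension: introducer + label
            pos += 2
        elif kind == 0x2C:                     # image descriptor (10 bytes)
            flags = data[pos + 9]
            pos += 10
            if flags & 0x80:                   # local color table present
                pos += 3 * (2 << (flags & 0x07))
            pos += 1                           # LZW minimum code size
        else:
            raise ValueError(f"unexpected block 0x{kind:02x} at offset {pos}")
        while data[pos]:                       # skip length-prefixed sub-blocks
            pos += 1 + data[pos]
        pos += 1                               # zero-length block terminator

def inspect(data: bytes) -> dict:
    """Report bytes after the GIF trailer and any ZIP members readable from the file."""
    end = gif_end(data)
    members = []
    try:                                       # ZIP readers locate the directory from the tail
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.namelist()
    except zipfile.BadZipFile:
        pass
    return {"gif_bytes": end, "trailing_bytes": len(data) - end, "zip_members": members}

# Constructed sample input: a 1x1 GIF and a one-member ZIP built in memory.
SAMPLE_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\xff\xff\xff\x00\x00\x00"  # header, palette
              b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00" b"\x3b")

def sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("note.txt", "constructed sample payload")
    return buf.getvalue()
```

Calling inspect(SAMPLE_GIF + sample_zip()) reports the archive's size as trailing bytes and lists note.txt, while the plain sample GIF reports zero trailing bytes and no members.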
Further Reading
There are many data format topics out there. It's impossible
to list them all.