Cryptography Reference
In-Depth Information
Compression won't do the trick either, by the way. Compressed text can be
decompressed, and those who try to be particularly clever by making encrypted
text pass for compressed text forget that compressed data obey certain rules,
too. More about this topic in Chapters 2 and 3.
I'm convinced that sufficient testing options can be found, except they aren't
generally known.
The
second method
hides information in digitized images. Nope, this time
not in the length of a blade of grass: the color of each image dot (pixel)
is described by several bits, e.g., 4, 8, or even 24 (accordingly 16 million
possible colors). In this method, the first few bits determine the pixel color,
while the last few bits serve merely for 'fine tuning'. Changes in these last
bits are hardly visible in the presentation; they are often even truncated when
output on a screen. These bits are used to hide secret information. Here too,
I have my doubts about the method's security. Images are subject to certain
well-known rules — otherwise, there wouldn't be effective image compression
methods. These rules also apply to the least significant bits. Now, if these
bits contain an encrypted message, they are purely random, leaping to the
eye exactly because of this, though our naked eye can't recognize anything.
Adapting to the statistics of the image would certainly be possible, but costly
and never perfect. Rumors have it that every photo (at least the digitized ones)
that leaves NASA is previously checked for hidden information. Why shouldn't
such programs work in large mail nodes? Basically, all objections made against
the first methods apply to this method, too.
'Real' steganography hides information such that its existence cannot be proved
lest you know the secret key. This is extremely difficult. You would have to
•
filter out 'noise' independent of the actual information from a data stream;
•
replace this noise by a secret text with equal statistical properties (not
hard with so-called 'white noise', because secret texts created by good
methods are equally distributed statistically);
•
and finally mix this noise back into the reduced signal.
However, I have to warn you that statistical independence doesn't mean deter-
ministic independence! It means that there might be a very simple test that
shows whether or not encrypted messages had been hidden. This is the critical
point when using steganography.
