Jump to content

Talk:Steganography/Archive 1

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Archive 1

Stegonography Easter Egg?

A Wikipedia easter egg: see Pikes Peak and find the hidden message.

Well, whatever it was, from the timestamps it's got to be one of the following article revisions:
It's in Image:Ppeak-s.jpg. That was a few years ago, and I've forgotten exactly how I did it. But I know it was some package I found via Google. I did not encrypt the message. Discovery of the package (and the hidden message) is left as an exercise for the reader. <>< tbc 05:48, 10 Mar 2005 (UTC)
Using the stegdetect program written by Niels Provos, available from his site (http://niels.xtdnet.nl/stego/), the image Ppeak-s.jpg tests positive for steganographic content hidden using a version of JPHide. I don't want to spoil anybody with the actual message (I'll note that it's an appropriate set of song lyrics), but it's pretty trivial to Google "JPHide", download a version, and decrypt it using no password. Of course, that didn't stop me from spending overnight with Niels Provos' stegbreak and a 4 million word dictionary, before coming back here and finding out that there was no password. Sigh. Thanks for the fun easter egg! ByeByeBaby 15:14, 18 August 2005 (UTC)
Nice one! I'll check it next time I reboot to Windows (I can't get JPHide to compile under Linux), but I think we should announce this somewhere. — Matt Crypto 15:33, 18 August 2005 (UTC)
Climb Every Mountain?
Nuttyskin 11:07, 13 August 2006 (UTC)

Steganography name

The name comes from Johannes Trithemius's Steganographia: a treatise on black magic disguised as a book on cryptography, and is Greek for "hidden writing."

I was under the impression that this claim - orginally made by the Catholic Church - had been refuted. It really is about cryptography - or more generally, 15th century information security, since it branches into peripheral areas such as training couriers to memorise messages. In particular, the so-called spells in Book III were shown by Jim Reed to be cryptograms. In fact many sites today invert the sense of the quote above, and say that it is ostensibly about magic but really about crypto. However I don't know all the details, so does anyone know if there are any parts of the book that are definitively about black magic? Securiger 11:28, 4 Feb 2004 (UTC)

Yes, there were some parts that were apparently about the occult, but it is assumed that only about 3/8 of the original manuscript survived, and then only mostly the parts about encryption. I'm reading a book by Jacques Bergier, called 'Livres maudits' in which Trithemius work is mentioned in an occult setting. Why some parts didn't survive is the subject of considerable speculation. Trithemius work in Steganography is discussed in more detail in David Kahn's book 'The Codebreakers'.Crusty007 20:58, 5 December 2006 (UTC)

Factchecking

Two more problems(?) with factual claims here.

1) Bacon certainly suggested the use of different type faces to carry information. Was there also discussion of hand written stego? Have removed the handwritten part pending clarification.

2) I have heard several claims about the frequency of stego'd images on the Internet. None has been credible on second look. I have changed the claim, to an expression of indeterminacy. Can someone provide something credible on this point?

ww 16:30, 20 Apr 2004 (UTC)

Typo in image filenames

The images are named Stenography- instead of Steganography-. Arvindn 17:11, 20 Apr 2004 (UTC)

Arvindn, Sorry. I missed that entirely. Is this in response to 2 above, or something else? ww 17:39, 20 Apr 2004 (UTC)
Nothing related to the above. I mean the images in the article -- the tree and the cat. Typo in the filenames. Arvindn 17:43, 20 Apr 2004 (UTC)
I created the images and wrote a short one line stenography article to go with them. Then after someone claimed that stenography was to do with handwriting, I found out that it was called steganography. "Steganography" is a good example of steganography, since the "ga" is well hidden in there and hard to see... Κσυπ Cyp   08:33, 21 Apr 2004 (UTC)

Python script for the sample images

Try it yourself!

I converted png to bmp and tried

$ python -c 'import sys; a=sys.stdin.read(); sys.stdout.write(a[:54] + "".join(map(lambda(x): chr((ord(x)&3)*85), a[54:])))' < StenographyOriginal.bmp > StenographyRecovered.bmp


It worked :-) (54 is the bmp header length) Arvindn 17:43, 20 Apr 2004 (UTC)

I can't get this to work. :-/ Quizically, I constructed my own C-hack to do this for me and got the same result as I got with your script -- a distorted picture of the trees. Somehow, this implies I've understood the process and done the right thing, but something else must be wrong... What size is the original bmp you are working with? Mine is 120,054 bytes. Also, byte order might make a difference, but I though ANDing with 128+64 instead of 1+2 would solve that, but nope.. ✏ Sverdrup 14:33, 13 Oct 2004 (UTC)
It works for me. I obtained the BMP using the "convert" utility from ImageMagick; I also get the length of the original bmp to be 120,054 (md5sum: 7e4ce7288ab0bcf6231c2ce653fbf9b9 StenographyOriginal.bmp). I can't think of why it doesn't work for you, though...— Matt 14:50, 13 Oct 2004 (UTC)
Well, I feel stupid; naturally it was the PNG->BMP conversion (which I could find no fault in in the first inspection) Apple's Preview application _of course_ dithers the image, even though I just asked for a format conversion with the same colour depth! :-/ convert solved the thing for me; thanks a lot. ✏ Sverdrup 15:09, 13 Oct 2004 (UTC)
Ah, cool. Any ideas on the "Easter Egg" thing above, by the way?
If there's something, it's hard to find. It seems though that it's the picture [1] that contains something; regardless of how you AND the other picture, a rough outline resembling the original can be seen. The first image, however, shows no resemblance to the original (to me) when ANDing with 1 or 2 or 3. ✏ Sverdrup 16:06, 13 Oct 2004 (UTC)

Steganography / watermarking

It is very unclear what the following paragraph:

"Steganography can be used for digital watermarking, where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified. In fact, in Japan "... the Content ID Forum and the Digital Content Association of Japan started tests with a system of digital watermarks 'to prevent piracy' (The Japan Times Online 26-08-2001)."

is doing in this article. First I don't know of any steganographic technique actually used for watermarking. The two have different golas. Second 'tracking' and 'verification' are not usually the main uses for watermarking. It's mainly been copyright protection. Third, many groups and people have tested watermarking algorithms to prevent piracy several years before the Content ID Forum or the Digital Content Association of Japan wake up!

Terrorism

This section is based on a set of rumours. Does the definition for "airplane" include a section about the usage in terrorism?

The section mainly debunks a currently widespread rumour, which happens to be the motive for most current public interest in this topic, including nearly all press coverage. If ninety percent of the population had no interest in aircraft other than their usage in terrorism, then that article should indeed include such a section; but unlike steganography, that is not the case. Additionally, this section notes that AQ's own training manuals claim that they do use invisible ink, which is closely related and rather interesting. Securiger 03:51, 13 Aug 2004 (UTC)
I agree with Securiger; the terrorism rumours are relevant here. Also, although the section discusses a set of rumours, they are carefully attributed. — Matt 13:31, 13 Aug 2004 (UTC)
And I will chime (not chyme) in as well. Securiger is correct in my view. ww 17:02, 13 Aug 2004 (UTC)

Trees to cat

OK, I give up. I am trying to reveal the cat image by manipulating the tree image. I downloaded the tree image, and opened it with GraphicConverter on my Macintosh. Any hints on what the next step is? How do I perform the "logical and" step?

Yea, n00b. :)

There doesn't seem to be a way to do this in GC; I have version 4.x though, and if you have version 5, there _might_ be a way to do it in GC.
Logical and is essensially this:
The image is a 32-bit image, which means each of the colour channels (Red, Green, Blue) has one byte of information per pixel. Each of these bytes is a sequence of eight bits. When we Do a logical and with 3 (1 + 2 = 3), we keep the two lowest bits:
byte AND 3 => result
01001101 & 00000011 => 00000001
The higher bits have higher significance, and hence contribute more to the hue/brightness of each pixel; we can use the least significant bits for extra information that is hidden in the picture. ✏ Sverdrup 15:32, 13 Oct 2004 (UTC)


I agree. Including terrorism here only support fear-based politics and obscuring computing social image.

Stego/terrorism report

A recent news story:

"...An internal report obtained by The Canadian Press gives credence to the long-rumoured possibility Osama bin Laden's terrorist network and other extremist groups are using a technique known as steganography to hide the existence of sensitive communications...
...A heavily edited copy of the January 2004 report, Computer-assisted and Digital Steganography: Use by Al-Qaeda and Affiliated Terrorist Organizations, was recently obtained from the Mounties under the Access to Information Act. Among the material stripped from the document is information on how best to detect, extract and view surreptitious messages...[2]

Because of this, we may soon have to update the "No corroborating evidence has been produced by any other source." note in this article 's "Rumoured usage in terrorism" section. I'd like to find out a little more about this report first, though! — Matt Crypto 15:15, 10 Dec 2004 (UTC)

Tree to Cat Example in Delphi

I was facinated by this article and decided to produce a quick application that would convert the tree, per the instructions, into a cat. The final result lacks a lot of color definition, so I would imagine there is still a key part of the algorytm missing from the instructions.

I'll post up the source code if someone can tell me where to put it. In the mean time here's a few bitmaps of the results.

1. Original Image File:JohnC Steganography 1.jpg

2. Image AND 3 (boolean operation) File:JohnC Steganography 2 1.jpg

3. Image Multiplyed by 85 File:JohnC Steganography 2 2.jpg

John C. Lieurance -- March 2005

That's really cool. Who came up with the original images? And has anyone managed to work out the Pikes Peak Easter Egg yet? (This is way beyond my meagre technical skills). Lisiate 02:20, 4 Apr 2005 (UTC)

Try to put your program in wikisource.org or sourceforge.net Edggar

Well I tried to upload the application and source as a Zip file to the Wikisource and the server wouldn't have it. Its restricted to image / sound files. Sorry but I don't want to go through the trouble of creating a project in sourceforge.net either. I will email anyone the program that wants it, just follow my author link and you'll find my last known email address.

I've been giving more thought to the end result, a red image, and suspect that the final result needs a 256 color palette. Its possible to build such a palette from the original image and re-apply it to the red image using the variance of the red scale, 0 to 255, as a color index. If I get some free time I'll add such a modification to my application to test the theory. John C. Lieurance -- April 24, 2005

Update on the palette. The original tree image contains 13,323 colors. The original cat image contains 40 and my Delphi driven image contains 4 colors. There's no easy way to move the color palette over from the 13,323 color image, but I did move the original cat image (40 colors) over to my Delphi driven image. The results were quite interesting. It's closer to what it needs to be but its still a long ways off...

File:Johnc tree palette applied.png

Here's the image from the top right after its been over exposed.

File:Johnc Cat Over Exposed.png

John C. Lieurance -- April 24, 2005

Updated my user id tag to point to my home page. My appologies for the dead link. John C. Lieurance -- August 18, 2005

I think treating the colour channels separately will do the trick. I'll try it and paste the source code on this talk page if it works. Shinobu 13:24, 17 August 2005 (UTC)

It works; I'll put it on my userpage for anyone who's interested, even though it's a really simple bit of code. I suspect converting it to Delphi or any other language won't pose problems. Bye, Shinobu 13:38, 17 August 2005 (UTC)

Image order

Correcting image order. The wrong order was apparently a hack, which worked fine for him, but screws it up for everyone with a browser that is in this aspect standards-compliant. Shinobu 22:44, 25 Jun 2005 (UTC)

Stegano/Terrorism rumors : wrong chronology.

Hello. The first mention of possible usage of stegano by terrorists is not by the New York Times in october 2001, but in USA Today in february 2001, so way before 9/11. The articles are still online, so it's easy to check that. What nobody seems to notice is that they were written by Jack Kelley, who in 2004 was fired in a huge scandal (similar to the Jason Blair fiasco in the NYT) because he admitted that he faked most of his stories. There is even an article about him here in Wikipedia (http://wiki.riteme.site/wiki/Jack_Kelley). I wrote about it there, with all relevant links : http://www.guillermito2.net/stegano/ideas.html (see very last paragraph called "Is steganography used by terrorists?"). I could try to modify the Wikipedia page myself but I never did that so I need to do some tests first on the sandbox. If anyone is interested, go ahead. 132.183.189.207 7 July 2005 15:16 (UTC) Guillermito

Okay, finally I added a paragraph about it. Feel free to smooth out my (bad) english. 132.183.189.207 7 July 2005 16:05 (UTC) Guillermito

Request snipped from main

I'm N00B.. i'm not sure about steganography.. can you teach me
e-mail-altf4_numeric@yahoo.com
One thing.. i make project in stegan- Hiding data in mp3..
can you give me some link.. Ok thanks i owe you:

Thanks you...

Audio Steganography?

Does hiding 'images' in audio data count? See the Aphex Twin article for some links to examples of images placed in audio tracks that are viewable on a spectrogram. SHould this be included int he list of techniques? Lisiate 03:39, 12 August 2005 (UTC)

If the audio file is playable, and the data is contained in the audio track, then yes, of course! Shinobu 13:56, 17 August 2005 (UTC)

Alternative method for image sten

I think this method might be easier for non-programmers: 1. Halve the visible image's values. 2. Double them. (by doing this you have just cleared the last bit of each pixel) 3. Divide the values of the hidden image by 256 (so they're either 0 or 1) 4. Add the two images.

The important difference is that Gimp and others (probably incl. photoshop have add and subtract, but not AND).

I have some images, along with value graphs to show how it works. Note me if interested.

--Taejo 16:22, 3 September 2005 (UTC)

I would like to propose a few changes to this alogrithm to make it work with our examples. This makes it easier for the reader to experiment.
creating
1) Let's divide and multiply the visible image by four -- since we use the lower two bits in the example. 2) Divide the hidden image by 85 (so they're in [0, 3]). 3) Add the two images.
reading
1) Divide and multiply by four. 2) Subtract this image from the original. 3) Multiply by 85.
I think it's great that someone takes the trouble to cater to normal photoeditors by the way. Shall we put this in the article somewhere? Shinobu 13:24, 4 September 2005 (UTC)

code[c]less mandrel

Every now and then the c is removed and included... but the basic question is "what makes UDP a code[c]less mandrel?". Look up mandrel and you'll see what I mean. I've changed it to "protocol", because that at least makes sense. Shinobu 15:11, 28 September 2005 (UTC)

Playboy

I remember a woman who had written a simple steganography program who posed in Playboy. Does anyone remember who that was?

Opinionjournal.com hat tip

This article was referenced in OpinionJournal.com's Best of the Web Today for Friday, December 9, 2005. [3] | Klaw ¡digame! 04:24, 12 December 2005 (UTC)

Hurray, we're famous! Look ma, we're on TV!Tommstein 04:41, 12 December 2005 (UTC)

Online image steganographer (shoping cart icon)

Quite a while back I remeber I saw a site which had a image steganographer (java?) which allowed you to choose a file on your on computer or on the internet and "encode" it on an image of your own choice, a shoping cart icon was placed on the finished image, that icon worked somewhat as a link to the original file, if it was a html the browser would open it, if it was a downloadable file the "save as" window was showed.

I would like to ask if anyone knows the url for that site as I lost it. Thanx for the attention


My ascii rendition of the shopping kart icon (although not very a successfull one...) The icon was similar to this, if I remember correctly it was the icon for "shopping kart" function of areal online store. the actual icon was slightly rotated I think. The lines were solid, with rounded ends iirc and I am not sure about the wheels.

        /
_______/
\
 \_____
 ______|
  O   O

edit: as mather of fact, I would like to know about any online steganographer.

TiagoTiago 03:05, 19 January 2006 (UTC)


OTP - isnt this a slight mistake?

"in most cryptosystems, private symmetric session keys are supposed to be perfectly random. Even very weak ones (e.g. shorter than 128 bits). This means that users of weak crypto (in countries where strong crypto is forbidden) can safely hide OTP messages in their session keys."

In the keys?? That would be an OTP msg 128 bits long, right? Isnt even the encrypted data, regardless of the strenght of encryption, perfectly (or similarly) random? For instance, this is what the Truecrypt says about that:

"No TrueCrypt volume can be identified (TrueCrypt volumes cannot be distinguished from random data)."

Isnt this precisely because its encrypted (provided the algorithm and implementation are good) ?

This article also says:

"Concealing ciphertext within ciphertext. The method builds upon the security of the underlying cipher. If the cipher is secure, this steganographic method provably resists any statistical analysis."

Again, isnt the fact that the ciphertext is (hoped to be) perfectly random, and the hidden cypertext is perfectly random, regardless of the strenght of the encryption, the reason that no steganoanalytical method can detect the presence of the hidden data?

So, I would think that someone wishing to use OTP on the manner presented in the fragment I am inquiering about could use the encrypted data, not just the key, as their one time pad, and use it as a huge key (as it has to be) for Vernam cypher? Though used like that, I guess then the encrypted plaintext would be the misdirection, and the cyphertext would be of actual value - the one time pad.

Also "Thus, any perfectly random data can be used as a covertext for a theoretically unbreakable steganography." is a bit confusing - I do see the parallel between steganography and otp, but in the article about otp, its charactarised as a cypher, as a regular cryptographic, not steganographic method.

And thats how this article characterises it here too:

"The one-time pad is a theoretically unbreakable cipher that produces ciphertexts indistinguishable from random texts"

In any case, i could be interpreting this fragment wrong; indeed i find it confusing.

--aryah

OTP is the only theoretically secure Stego: provided that people use good RNGs for OTP and generating session keys, it is easy to prove (using math) that noone will ever be able to distinguish which session keys contain OTP messages.
"Ciphertext within ciphertext" rely on ciphers that are not secure from a theoric POV: Shannon has proved that the only unbreakable cipher is OTP like (i.e. an unbreakable cipher must have keys at least as long as the plaintext).
In other words: only unbreakable ciphers generate ciphertexts that are really (proven to be undistinguishable from) random. And Shannon has proven that the only unbreakable ciphers are OTP like.
--Gilbertera

Dreadful English

Needs thorough revision. — Preceding unsigned comment added by 92.12.18.129 (talk) 20:57, 26 December 2021 (UTC)

Untitled

Archive: /Archive 1

Fact Checking - Ancient Wax Tablets

Several facts about the wax tablets sent after the battle of Thermopylae were wrong in the article. The tablets were not sent to Xerxes but from Demaratus to Greece. In fact Xerxes was King of the Persians, the very person Demaratus didn't want to learn about the hidden message. Also according to Herodotus, nothing was written in the wax poured on top of the hidden message. I think this fact is often ignored to make the story a more convenient example of early steganography. I had to go to the original source, Polymnia by Herodotus, to scrounge up what really happened. Wikipidia wasn't the only place I looked with the wrong facts on this point. I have a book on cryptography in front of me right now that states the tablets were sent to King Leonidas. Leonidas was dead when the tablets were sent! Here's a link to the appropriate page in Polymnia.

--Takaitra 01:01, 5 March 2006 (UTC)

Removed sentence

Effective detection of steganographically encoded materials in communications intercepts between suspected terrorists is therefore extremely important, but very complicated, as we will see below.

I removed this sentence as it appeared completely out of place following a lengthy tract on showing that there is no actual evidience for Al Quaeda use of steganography. Refdoc 23:38, 8 March 2006 (UTC)

Evening Courier

The article mentions Il Corriere della Sera as an Italian tabloid newspaper. The paper is in fact a somewhat high-brow broadsheet.

Also, the article states that an item of news reported in this newspaper was not confirmed by any reputable Italian newspaper. There is a debatable implication there to the effect that Il Corriere della Sera is not reputable. Given that Il Corriere della Sera is generally considered one of Italy's more serious and less biassed newspapers, and given that it has the second-highest distribution of all newspapers in Italy, it might be worth considering an adjustment to the paragraph in question.

(More info on the paper here: http://wiki.riteme.site/wiki/Il_Corriere_della_sera )

--Croc996 00:25, 26 March 2006 (UTC)

GA failed

For these reasons:

  • See WP:LEAD as the present lead section doesn't summarize the article but gives insight into etymology.
  • 2 references is not enough.
  • This section would be better if transformed into prose.
  • The external links through the text should be transformed into inline citations. See WP:FOOT.
Lincher 00:23, 11 June 2006 (UTC)

No better photos?

The picture for Pike's Peak is poor. Doesn't anyone have any better shots?


Steganography + Crypto

Is it worth adding a discussion of how to do encrypted steganography? In particular, this ought to escape detection. In the case of the photo, with the cat/trees, what you do instead is:

1)Take your plaintext (cat). 2)Add error-checking 3)Compress it (to make the data look random) - and to save space 4)Encrypt it. (the resulting data should now look very-nearly like random noise) 5)Replace the least-significant 2 bits of the tree image.

At this point, we should have a steganographic file, which will not draw attention to itself, which will probably (depending on randomness of step 4) escape detection even if it is suspected, and which even if it is discovered to be steganographic, cannot (hopefully) be unencrypted.

  1. Encrypting can certainly be an additional useful step, in that it prevents total disaster if the message is detected. But it is not necessarily true that the near-random distribution of bits found in modern digital ciphertexts will be harder to detect. Your step 5) can be generalised to "map the hidden message to the covertext in such a way as to minimise changes in its statistical properties". If the LSBs of the image are not as random as a ciphertext -- as is usually the case -- then it is not impossible that encrypting first will actually increase detectability. The continued study of steganography of course looks at mapping methods which minimise these changes for various types of input texts, and for some combinations of methods and covertexts it might happen that a very random stegotext is optimal. But probably not for this method.
  2. In general, if you are going to add ECC you need to do them after encryption. Most encryption methods, and all compression methods of which I am aware, expand errors; so if an error occurs in transmission, the message will decrypt with a lot of junk, decompress with even more (if it decompresses at all) and then there will be too much garbage for the ECC to be able to salvage anything. Of course if you do ECC after encryption that then adds structure to the message which might make steganography harder; but there doesn't seem to be much point doing it the other way. -- Securiger 06:17, 2 August 2006 (UTC)
The above proposed technique is incredibly weak against statistical analysis and can be blindly detected on single image. You've replaced the least significant bits with uniform random data, yet the original LSB were not uniform random data (if they were, we might as well not store and transmit them as they'd be conveying nothing useful). There are more complicated techniques which attempt to preserve the overall statistical properties by flipping even more bits, but these too are highly vulnerable to simple *linear* analysis through tools like Stegdetect. The current state of the art in undetectable digital steganography is the technique of Perturbed Quantization of J. Fridrich (a free software implementation exists [4]).--Gmaxwell (talk) 02:46, 11 April 2009 (UTC)

Keyboards that talk IP!

Removed bogus "technique". This doesn't even sound plausible; removed for now. Viral keyboard firmware which can transmit data over a network? It's not even April 1st! Come on guys, let's sanity check out facts before making edits... If anyone would like to reinstate, please include suitable citations!

This was done at USENIX this year: https://db.usenix.org/events/sec06/tech/shah/shah_html/index.html

Lunkwill 21:29, 12 August 2006 (UTC)

Camera/Shy and Hacktivismo

Should Camera/Shy, a steganography program dedicated towards allowing users in censored countries to access censored material be added, or does this violate some WP policy? If I don't get a response soon I'll post up a bit on it.

Isn't that encouraging people not to reply? I've looked up Camera/Shy and you might want to use the following link: Camera/Shy Perhaps in the external links with a short blurp ("a <what is it> that <what makes it special>"). Shinobu 18:09, 31 August 2006 (UTC)

Why?

I don't know... perhaps Wikipedia is not a link farm? I can't be any more specific without the actual url that has been removed. Shinobu 01:48, 23 September 2006 (UTC)

Use of italics

Despite being dismissed by security experts [5][6], the story has been widely repeated and resurfaces frequently. It was noted that the story apparently originated with a press release from "iomart" [7], a vendor of steganalysis software. No corroborating evidence has been produced by any other source.
Moreover, a captured al-Qaeda training manual makes no mention of this method of steganography. The chapter on communications in the al-Qaeda manual acknowledges the technical superiority of US security services, and generally advocates low-technology forms of covert communication.

The italics in this section look very dodgy (and, specifically, not NPOV). The actual comments within the italics are fine, provided that they are true, but do not need to be italicised.

Unless the italics are some kind of steganographic signal pointing at hidden content, of course... :) --Sapphire Wyvern 07:10, 27 September 2006 (UTC)

I have removed the italics. I agree with Sapphire Wyvern's post. The italics immediately jumped out to me as potentially violating NPOV when I first read the article: not just offering the evidence contradicting the NYT article but 'trying to make a point' about just how wrong the article was. Rfrohardt 19:33, 22 February 2007 (UTC)

Thermal Noise is not 1/f Noise

This article states that "Any system with an analog (signal) amplification stage will also introduce so-called thermal or "1/f" noise, which can be exploited as a noise cover." This sentence makes it sound like thermal noise is 1/f noise. In fact, 1/f noise is Flicker Noise, which is a completely separate noise source from thermal. I suggest this error be corrected as soon as possible. Since this is considered a 'good article' I hesitate to make the changes myself. --Dirkbike 19:55, 30 October 2006 (UTC)

Well, it's been about a week so I decided to make the corrections anyway. Please let me know if there are any objections.--Dirkbike 23:58, 5 November 2006 (UTC)

Fujitsu system for hiding message in a printed picture

i have just read a bbc news item about a system that fujitsu are developing to hide messages. I them looked at this artical to see if I could find more info about it. maybe someone should add somthing to this artical about this. the url was http://news.bbc.co.uk/1/hi/technology/6361891.stm --82.12.52.135 17:43, 15 February 2007 (UTC)

Ah ha, darn, you beat me to it :[ I was just going to talk about that here. That Jason 23:47, 15 February 2007 (UTC)

Implementations section

Would anyone have any objections if I removed all of the software listed under the "Implementations" section which didn't have a Wikipedia entry/moved it under "See also"?

At present, it seems to fall foul of WP:NOT#LINK; those software systems which are notable should probably have Wikipedia article on them - otherwise it just seems like a linkspam-magnet? Nuwewsco 13:23, 6 July 2007 (UTC)

I wouldn't remove all of them since some are indeed valuable examples of steganography. Why not just remove the ones that can't be used quickly and easily (i.e. 2 of the 3 online ones are libraries, not complete steganography tools. I am sure the same is true of some of the downloadable ones.) 15:23, 9 July 2007 (UTC)

quotes

Several quotes on this page are both enclosed in quotation marks and italicized. Typical English usage is to quote only or italicize only. Is there a manual of style guideline for this? --ESP 14:50, 9 August 2007 (UTC)

Re: Terrorism Rumors

Ref 9, the Jamestown Group is an interesting summary, but is it supported by any other references or evidence? Is there any assertion or evidence of the Jameson Group's NPOV or objectivity?

Ref 10, the Steganography Analysis and Research Center appears to be a commercial product rather than a resource. Can anyone confirm it's utility? Is there a freely available database, eg at Mitre?

Although Niels Provos' research is dated, his brute force analysis of eBay and Usenet in 2001 do help to debunk this pernicious rumor about terrorists. and if anyone is familiar with that work, perhaps they could stub out a page on it. Both statements apply equally to Elonka Dunin's work as well. Both are linked at the bottom of the article, but perhaps could be cited directly in the section on the rumors.

-- No it doesn't. The Provos study looked for evidence of 5 steganography applications. You cannot assert that steganography is not being used when you are only looking for 5 out of hundreds, if not thousands of steganography applications exist. — Preceding unsigned comment added by 24.131.123.84 (talkcontribs) 00:42, 5 April 2013‎

Politically, I'd like to see the rumor soundly debunked, as would many others. This sort of unproven rumor is used to justify restrictions on security software and decreased civil liberties the world over. Scientifically, I would love to see some proof or disproof, and surely this is not so hard to provide. My main motivation for commenting here is that the debunking in the main article doesn't seem very strong or clear.

Thanks, Adricnet 21:53, 2 October 2007 (UTC)

Braincopter

In case someone is interested, there is an esoteric programming language called "Braincopter", which is based on Brainloller which itself is based on Brainfuck.
It can be used to hide Brainfuck applications on png images. Some examples: Hello world and Lost kingdom. --83.34.126.69 (talk) 15:05, 13 April 2008 (UTC)

lossless

I'd like to see "lossless" defined, with a good hyperlink MargaretBartley (talk) 02:53, 5 June 2008 (UTC)

you are doing stegno —Preceding unsigned comment added by 220.225.6.32 (talk) 06:06, 30 July 2008 (UTC)

Lossless is just a common term which means that no data of the image is lost when you save in that format. When you save as a jpeg (lossy compression), the image you save will not be identical to the original image. Gazok (talk) 15:00, 24 May 2009 (UTC)

The references section was really a massive dump of external links. I've removed most of them, particularly those that provide programs that let you generate or read encrypted pictures or whatever. The DMOZ is a good place to find stuff like that (now an EL), but overall it's just begging to be stuffed with spammy links to programs and companies, and they're not informative. I've split the section into "Footnotes" for inline citations, and "References" for the, I assume, general reference citations. These would be more useful to readers if embedded as inline citations, but for now they are OK. I've also removed the lower-quality and value links, such as the links to large masses of other articles. If it's not a link to an actual article, it's not a reference. WLU (talk) 14:56, 2 September 2008 (UTC)

Alleged use by terrorists section removed

In that section, some of the referenced links did not work, however the remaining references were (common) journals, which are not exactly to be the source of Wikipedia. I agree on a section on "use by terrorists" - however the topic should be widened, e.g. "use by warez pages", "famous historical stories" maybe in world war II or during the cold war, etc. So I think, before putting the removed section on again, it is to be reedited. (I hope, you understand and accept my reasons, my english is probably not good enough to explain my reasons well enough.) —Preceding unsigned comment added by 80.98.218.173 (talk) 21:52, 4 January 2009 (UTC) Sorry, I forgot the artistic use in literature. Maybe it should be mentioned in a lexicon. —Preceding unsigned comment added by 80.98.218.173 (talk) 21:55, 4 January 2009 (UTC)

Sorry, I was total wrong, and inconsiderate, you're right. Good job. —Preceding unsigned comment added by 80.98.218.173 (talk) 20:28, 5 January 2009 (UTC)


The link for Citation # 3 is no longer valid. I've never edited Wikipedia before, so I'm not sure how to go about resolving that. 24.31.231.26 (talk) 06:27, 17 April 2009 (UTC)

Trying the cat-in-the-tree example yourself

I suggest to add following somewhere near the image:

(We know that we need the 2 least significant bits, so i AND-mask the 8-bit channel values with 00000011 binary, or 0x03 hex, so the RGB bitmask is 0x030303) To recover the cat from the tree-image, you can do the following (note: the convert tool is part of ImageMagick)

 convert StenographyOriginal.png -evaluate And 0x030303 HiddenImage.png

This hidden image contains the cat, but it is very dark (since it only uses the 2 LSBs), so i left-shift the bit values by 6 places, so my maximum possible 00000011 bit value becomes 11000000.

 convert StenographyOriginal.png -evaluate And 0x030303 -evaluate LeftShift 6 HiddenImageEqualized.png

Now you can clearly see the cat.

what do you think? 84.59.115.163 (talk) 07:04, 24 April 2009 (UTC)

Well, I don't know. I tried that and it didn't seem to work for me. I copy-pasted your code exactly and it still only produced a darkened image.

Gazok (talk) 15:23, 24 May 2009 (UTC)

ImageMagick reacts differently when called from Cygwin or Dos prompt - simply try converting the hex number to dezimal, so instead of 0x030303 use 197379 —Preceding unsigned comment added by 217.238.237.206 (talk) 21:33, 13 September 2009 (UTC)

I think that instructions like this should be provided. Otherwise these images should be replaced with something more accessible and open source. The "cat avatar" in Use By terrorists section[1] includes a really easy to use example with an accessible web interface. Meanwhile I couldn't figure out from this article how to easily turn StenographyOriginal[2] into Steganography_recovered[3].

In their present form, I believe that these images provide far less value than the "cat avatar" as a learning resource. Likewise there are a couple of example of free online systems that can be used to test out steganography without purchasing software or in some cases without downloading anything. More on that later. KonigProbst (talk) 07:31, 17 March 2014 (UTC)

References

Physical steganography

Another example for under section # 2.1 Physical steganography is the scytale.--66.206.249.200 (talk) 14:48, 12 August 2009 (UTC)

Steganography Example

You might want to check out Amherst's Woods. —Preceding unsigned comment added by 70.109.253.46 (talk) 05:55, 26 August 2009 (UTC)

"Technical Mujahid, a Training Manual for Jihadis"

I've added a {{fact}} template to the section concerning this - from the Jamestown article, "Technical Mujahid, a Training Manual for Jihadis" is an online publication, so shouldn't be too hard to include a reference to it - but I can't find any?! I would expect such a manual to be extremely easy to find on the internet, but... Nothing. Sounds a bit dubious? Nuwewsco (talk) 21:30, 26 November 2009 (UTC)

The Intersect, a joint CIA/NSA computer in the TV series "Chuck", consists mainly of a large database encoded with Steganography techniques in images. —Preceding unsigned comment added by 174.27.35.161 (talk) 06:14, 4 February 2010 (UTC)


Security by obscurity?

I would not consider steganography in general to fall under this category. The algorithm and the design part are not necessarily secret, and just hiding "something" is not enough to fall under this category, which has a derogatory connotation. Symmetric ciphers also keep the secret keys and the encrypted message secret and are not considered to be security by obscurity. MarioS (talk) 18:34, 22 September 2010 (UTC)

The definition of Security through obscurity fits. The derogatory connotation isn't really relevant. Steganography may include but does not imply encryption. The integral concept is that of using "secrecy to provide security." Spacexplosion[talk] 20:06, 22 September 2010 (UTC)
From Security through obscurity: "A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them." This clearly refers to the secrecy of the design, not secrecy as a security goal. --MarioS (talk) 13:11, 12 October 2010 (UTC)
That quote is an independent statement that does indeed refer to secrecy of the design. Much of the context in which security by obscurity is often talked about does not apply to steganography, but the basic definition does. In its simplest form steganography supplies security only through secrecy. One might argue that steganography is not a form of security at all, but that would depend on the assumption that secrecy is not a valid security goal. Spacexplosion[talk] 16:00, 12 October 2010 (UTC)

Security through obscurity has a specific definition in security engineering. This article stretched that definition incorrectly. In the context of security engineering, obscurity refers to the secrecy of an algorithm or implementation, in contrast to Kerckhoffs's principle. Not all implementations of steganography are "a form of security through obscurity." This is explained by Professor Fridrich et al. in **Searching for the Stego Key**, with M. Goljan and D. Soukal, *Proc. SPIE, Electronic Imaging, Security, Steganography, and Watermarking of Multimedia Contents VI*, vol. 5306, San Jose, CA, pp. 70-82, 2004. If someone wishes to change the academic definition, they can publish in academic journals, not impose their opinions contrary to the scientific consensus on Wikipedia. — Preceding unsigned comment added by 206.126.80.37 (talk) 15:14, 23 January 2014 (UTC)

Hello,

We've added an external link to the steganography related webinar to this article and to Steganography tools article. But our website has been reported as a spam. We understand what's we've done wrong according the policy of Wikipedia and we are very sorry about this.

But we'd like to keep a link to us on 'Steganography' page only because this is not an advertisement, but real scientific work that our community at Belarusian State University is doing during last 5 years. The next steps that we are going to execute based on our road map are to broadcast and share our knowledge with others who are interested in this area. As a first step the webinar has been executed in collaboration with IEEE Lithuanian section and Vilnius Gediminas Technical University. Our plans for next year(s) are to continue work in security area, to share our knowledge and to be joined with all interested people all over the world. That's the only reason we've decided to put a link on a Wikipedia site, as we'd like to connect our knowledge via that external link.

Our only one goal is to leverage and share knowledge in steganography area.

Hope this will change a look to our scientific community web-portal from black to white.

Thanks and Kind Regards, ScientistBy Research Team (dr. Iryna Chvarkova, dr. Siarhei Tsikhanenka) ByScientist (talk) 11:12, 26 December 2010 (UTC)

While I would ask you to remember WP:COI, the link looks OK to me. Peridon (talk) 13:33, 26 December 2010 (UTC)
@BYScientist: Before adding that link again, ask yourself to what extent it is interesting to Wikipedia and the article. Will people having read the article find the information you provide useful? Per WP:EL, why would a WP:FA on this subject include a link to your site? --Fama Clamosa (talk) 17:49, 26 December 2010 (UTC)
@Fama Clamosa: we think that the link is really interesting for people, because there it is possible to find video webinar (the first in a scheduled chain) where the main principles of LSB based steganograpgy are explained, and also foundation of the steganalysis (the most comlicated part of steganography) is well described. We'd like to only share our knowledge, as we are doing researches at Belarusian State University (Minsk, Belarus) in Steganography area during last 6-7 years, prepared about 15 students in this area and one PhD. Now we are on the stage that we are preparing an external video course for steganography and steganalysis. Do think that a link to us will not be interested to people who'd like to know more about Steganography? ByScientist (talk) 22:23, 26 December 2010 (UTC)
@Fama Clamosa: we've reviewed WP:EL once again and found out that information that we are going to link suites to 'What should be linked' section point #3. Additionally, our web site is driven by Belarusian State University (Belarus) in collaboration with Vilnius Gedimino Technical University (Lithuania) and we beleive that results of such kind of collaboration will be new and quite interesting ByScientist (talk) 22:42, 26 December 2010 (UTC)
You keeping name-dropping the two universities. I'm not impressed. What's this about only having 15 students? Why is this lecture better than any of the others available online? Spacexplosion[talk] 00:02, 27 December 2010 (UTC)

@All: Dear Wikipedia Editors, Let us please briefly describe what is new in our webinar session and why we’d like to link it to this article. During last years we’ve made researches of robustness of the steganographic algorithms and also in steganalysis area, as a tool of testing robustness. There are several scientific articles have been published by us in Belarusian scientific magazines for the following topics:

  • LSB modifications for several bits in each sample replacement in audio containers and still images analysis;
  • Steganographic security schemas: from password capturing to real data shuffling;
  • Steganalysis approaches for hidden data allocation in LSB modified still images

Now we’ve faced with an issue that according to the copyrights documents that have been signed by authors there is impossible to post our results directly to the Steganography Wikipedia article, but we can share the basis via our video lecture, and we will continue doing our best to make this information public. That’s the main difference between our webinar and regular steganography relevant videos that could be found at Internet, and moreover, we have not mentioned any software that we’ve developed or use for embedding and steganalysis, we’d like to broadcast only scientific foundation and the results. That’s the reason why we’d like to connect our ideas and researches with world wide known information about steganography. Kind Regards, ByScientist (talk) 05:38, 27 December 2010 (UTC)

The articles that you mention don't seem to be present at the site you linked. I appreciate your politeness and that you are editing in good faith, but I don't think this lecture is a very useful external link. The Further reading section already needs pruning. Spacexplosion[talk] 21:29, 3 January 2011 (UTC)
@Spacexplosion Good, thanks for clarifications! I've also talked with Fama Clamosa and it seems now it is clear for me how to make this article better and not just link to our scientific community web portal. ByScientist (talk) 09:47, 4 January 2011 (UTC)

Steganart

Can someone convince me that the "steganart" image is at all relevant to this article? It looks like a vanity insertion by the artist. I can't even interpret it, and even if I could I don't think it's "steganography", just some eccentric rule-based art. -- Madeleine 23:13, 2 May 2011 (UTC)

Well, nobody responded.... I'm going to go remove it.Madeleine 02:39, 19 May 2011 (UTC)

Real-life intersect?

Hey there! I am new to Wikipedia and I was doing some searches of my own on the intersect from the "Chuck" TV show and I read at different places that all the insersect thing could be possible and that it was based off the steganography. I watched some intersect videos on Youtube and other websites and amazingly enough, while watching the TV show, these informations I would have seen from the intersect videos would come up in my mind and I would remember them. I don't know if it's just me or what, but I have tried watching other similar videos where we see multiple pictures sliding really quick and it didn't do anything (as far as I could see). Only the ones from the "Chuck" TV show were actually getting into my brain and I think it was due to the way they were shown with the weird sound and everything in the videos.

So this makes me wonder if the intersect thing would be possible in real-life and if so, how?

Sorry if this is not the right place to post, but since it is a "Talk" and not a normal article, I thought it was okay and meant for it. Thanks for replying and have a nice day! HTCormier (talk) 03:13, 7 June 2011 (UTC)

P.S.: I will add the links to the different videos and wikipedia links I talked about, but feel free to comment and/or edit and add more information as well.

This is definitely not a place to ask hypothetical questions about real life. See Wikipedia is not a forum. Spacexplosion[talk] 18:05, 7 June 2011 (UTC)

Removing ADS

There somebody from SARC who's repeatedly adding ADS and indirect ADS to this article. Removed all that promo links and texts. People interested in steganography sw may add links to relevant/experimental opensource projects (non commercial) in the proper page. Blackvisionit (talk) 17:59, 19 July 2011 (UTC)

I took a look at the activity of this IP : 75.145.35.25. During this month he's been doing a continuous spam work for SARC. Should we block its access to this page for a while? Blackvisionit (talk) 18:40, 19 July 2011 (UTC)
There is a misunderstanding about the current state of research in steganography detection. There is the traditional approach, called Blind Detection, that looks for steganography without prior knowledge of the steganography application used to hide information. A new approach, called the Analyical Approach to Steganalysis, was developed by the Steganography Analysis and Research Center (SARC). This two-pronged approach begins with detecting the presence of steganography applications (called artifacts). StegAlyzerAS is the only software available (commercially or otherwise) that uses this methodology. The second step in the Analytical Approach to Steganalysis detects files that have been manipulated by steganography applications (called signatures). Again, StegAlyzerSS is the only software available (commercially or otherwise) that uses this methodology. That being said, the references to the software are not advertisements, yet simply demonstrations of software with the capability to perform the Analytical Approach to Steganalysis. If another person or company comes out with software that performs this, then they should be listed as well. There are several instances on Wikipedia where examples of a particular type of product relating to the subject matter are explicitly mentioned in the article. For example, according to Blackvisionit's logic, it would also be wrong to list Microsoft Windows as an example of an operating system. — Preceding unsigned comment added by 75.145.35.25 (talk) 19:36, 22 July 2011 (UTC)
Really going to think that you didn't already understand the basic rules and principles of Wikipedia. However as long as keep your advertising-style comments in this page there's really no problem! Blackvisionit (talk) 21:31, 22 July 2011 (UTC)
I'm not impressed. I don't care what the US Patent Office says; naming a trivial combination of procedures doesn't make it a new approach that "no other software (commercially or otherwise) is using." If it's so revolutionary, let's see some reliable secondary sources heralding this innovation. Spacexplosion[talk] 23:19, 22 July 2011 (UTC)
I also not impressed at all. All this Analytical Approach stuff sounds to me as junk-sw sold to steganography newbies. I'm a steganography developer and a serious stego-sw would never be revelead by such an approach! Blackvisionit (talk) 00:26, 23 July 2011 (UTC)

Neverending spam activity from User:75.145.35.25 (= SARC), up to now:

  • section: Analytical approach
  • reference: James E. Wingate and Chad W. Davis. "An Analytical Approach to Steganalysis". Forensic Focus Journal. Retrieved 13 October 2011.
  • reference: StegAlyzerAS Steganography Analyzer Artifact Scanner
  • reference: StegAlyzerSS Steganography Analyzer Signature Scanner
  • external link: SARC A Backbone Security Center of Excellence providing tools for steganography detection and extraction as well as Certified Steganography Examiner Training]

Page should be semi-protected to stop this activity ZipoBibrok5x10^8 (talk) 16:34, 13 October 2011 (UTC)

Reverted blanking/vandalism from User:24.131.123.84. The IP geolocation is from the same country as User:75.145.35.25... ZipoBibrok5x10^8 (talk) 03:57, 23 April 2013 (UTC)

This article was mentioned during an NPR interview

Disguising Secret Messages, In A Game Of Spy Vs Spy - May 11, 2012

Last May, German investigators found secret files embedded in a pornographic video on memory cards being carried by a suspected al Qaeda operative. Peter Wayner describes the history and technology of the technique for hiding information, known as steganography.

....

FLATOW: Is there someplace you can study it? You know, is it a topic you can take in college, or do you have to go to a special school or military to study this?

WAYNER: Well, you know, there are several books out there, and, you know, some - if you want to take it in college, there are some general courses on encryption, and they often get kind of lumped in there, and they'll spend a week or two on steganography.

There are - you know, you can poke around. The article on Wikipedia is quite nice. And so somewhere along all those different choices, you can get a pretty good education.

http://www.npr.org/2012/05/11/152508358/disguising-secret-messages-in-a-game-of-spy-vs-spy

-- Avanu (talk) 22:25, 16 May 2012 (UTC)

  • Thank you for your suggestion. I've added this as an official mention of Wikipedia in a news source. Glad to hear that Wayner has such a high opinion of our work here. KonigProbst (talk) 06:16, 17 March 2014 (UTC)

Exemples:

Check the abuse on the "Matzek" "leading" user.

http://www.youtube.com/watch?v=ALhwQKTRAgA http://www.youtube.com/watch?v=YFh2vpGeoIk http://www.youtube.com/watch?v=CW9sR0UGovA http://www.youtube.com/watch?v=9cNZs_SKdGQ

http://www.youtube.com/watch?v=k9Kf4esMvdE http://www.youtube.com/watch?v=RWPQS0LiuFI — Preceding unsigned comment added by 79.117.44.240 (talk) 06:34, 11 December 2013 (UTC)

Post Scriptum: Edward Snowden "scammers" are, in fact, "spammers"79.117.44.240 (talk) 06:40, 11 December 2013 (UTC)

  • Can we delete above? This comment doesn't make sense. First link is to a lyrics video. I don't think that this article needs more links to "exemples (sic) on YouTube."

KonigProbst (talk) 05:54, 17 March 2014 (UTC)

'VICIPEDIA' reference

Perhaps there could be a note as to how the Latin text is manipulated to produce Vicipedia ('ie every Xth letter' or whatever) Jackiespeel (talk) 11:19, 29 November 2014 (UTC)

In "Polygraphiae" by Johannes Trithemius is a kind of table starting at page 71 with a code word for each letter which has to be coded. The code words for VICIPEDIA are on page 71 to page 75. Try it yourself! Dominus sapientissimus constochens homines retribuat exquirentibus dulcedo sanctissimi = Eisfisch (talk) 23:36, 29 June 2016 (UTC)

error (unused vs. unsued registers of IoT/CPS)?

At the section: Cyber-physical Systems/Internet of Things we can see, what I think is a typo (miswriting)

Academic work since 2012 demonstrated the feasibility of steganography for Cyber-physical systems (CPS)/the Internet of Things (IoT). (...) However, specific techniques hide data in CPS components. For instance, data can be stored in unsued registers of IoT/CPS components and in the states of IoT/CPS actuators.
  • stored in unsued registers of IoT/CPS

I've changed the word: unused versus unsued. --PLA y Grande Covián (talk) 13:13, 15 September 2017 (UTC)

Splitting the article up

I'd like to make some bold changes. There is a list of steganographic techniques that is quite long, but is incomplete. I recommend creating an inclusive separate article, called "List of steganographic techniques". The "Steganography" article would be pared down, summarizing the main categories of steganography, with only some notable examples. I think this would make the article more readable, but also retain lots of good information. Thoughts? Epachamo (talk) 01:23, 28 November 2023 (UTC)