
I believe that blake8086 was referring to the content of the hidden message when he said plain text. He is asserting that if you hide 'hidden message here' in something, you are using security by obscurity, but if you try to hide ENC('hidden message here', 'secret key goes here') you are going to make the detection of the presence of your secret message easier.



I argued against the latter point: if you hide the encrypted message in something which is normally compressed, such as JPEG or DivX, the encrypted message blends in with the rest of the data because compressed data has high entropy (the better the compression, the higher the entropy). I don't get your point about security by obscurity; that's pretty much the whole point of steganography, I would suppose. Security by obscurity is mostly a slogan to criticize not publishing algorithms etc.


You need to quantify "blends in". If I [an attacker] plot a distribution of the entropy in all your files, and some of them are outliers, even by a small amount, I can focus all my analysis on those files.


> outliers, even by a small amount

Looks like you're getting the hang of it: good steganography relies on having better statistical models than the opposition.

Things are weighted in favour of the concealer, however, as (unlike the attacker) he doesn't have to worry about false positives/negatives.


Yes, thank you.

Furthermore, hiding even an unencrypted message still adds entropy, since you're encoding more information in the same amount of space.
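
The entropy-outlier triage discussed in this thread, written from the analyst's side as an added example (not code from any of the commenters): it measures byte-histogram entropy per file and ranks files by a median/MAD score. The corpus is constructed sample data, and the function names, the 5% payload fraction and the 3.5 threshold are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter
from statistics import median

def shannon_entropy(data):
    """Shannon entropy of the byte histogram, in bits per byte (0 to 8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def robust_scores(files):
    """Modified z-score (median/MAD) of each file's entropy within the corpus."""
    ent = {name: shannon_entropy(blob) for name, blob in files.items()}
    med = median(ent.values())
    # MAD resists being skewed by the very outliers we are looking for.
    mad = median(abs(e - med) for e in ent.values()) or 1e-12
    return {name: 0.6745 * (e - med) / mad for name, e in ent.items()}

def flag_outliers(files, threshold=3.5):
    """Names whose score exceeds the threshold, most anomalous first."""
    scores = robust_scores(files)
    hits = [n for n, s in scores.items() if abs(s) > threshold]
    return sorted(hits, key=lambda n: -abs(scores[n]))

def build_corpus(seed=1, n_files=20, size=65536, payload_fraction=0.05):
    """Constructed sample data: coarsely quantized covers plus one carrier
    whose least significant bits hold random bits (a stand-in for ciphertext)."""
    rng = random.Random(seed)
    levels = list(range(0, 256, 4))                      # quantized values
    weights = [1.0 / (1 + i) for i in range(len(levels))]  # skewed histogram
    files = {
        "cover_%02d" % i: bytes(rng.choices(levels, weights, k=size))
        for i in range(n_files)
    }
    carrier = bytearray(rng.choices(levels, weights, k=size))
    for pos in rng.sample(range(size), int(size * payload_fraction)):
        carrier[pos] = (carrier[pos] & 0xFE) | rng.getrandbits(1)
    files["carrier"] = bytes(carrier)
    return files

if __name__ == "__main__":
    corpus = build_corpus()
    scores = robust_scores(corpus)
    for name in flag_outliers(corpus):
        print(name, round(shannon_entropy(corpus[name]), 4), round(scores[name], 1))
```

Byte-histogram entropy is a coarse first-order statistic; the gap it finds here depends on the covers being quantized, which is the "better statistical models" point made above.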



