[9471] in cryptography@c2.net mail archive
Re: "Pirate Utopia," FEED, February 20, 2001
daemon@ATHENA.MIT.EDU (Greg Rose)
Mon Sep 24 18:04:19 2001
Message-Id: <4.3.1.2.20010925071143.022093a0@203.30.171.11>
Date: Tue, 25 Sep 2001 07:14:55 +1000
To: Ray Dillinger <bear@sonic.net>
From: Greg Rose <ggr@qualcomm.com>
Cc: Nomen Nescio <nobody@dizum.com>, cryptography@wasabisystems.com
In-Reply-To: <Pine.LNX.4.21.0109241138120.6890-100000@bolt.sonic.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 11:44 AM 9/24/2001 -0700, Ray Dillinger wrote:
>On Mon, 24 Sep 2001, Nomen Nescio wrote:
> >The Stegdetect paper proceeded to further analyze the 20000+ images by
> >looking for passwords that would produce meaningful messages from the
> >hypothesized hidden content, via dictionary attack. No valid passwords
> >were found, and the authors concluded therefore that these were all
> >false positives. This does not seem to be a fully supported conclusion.
>
>Actually, dictionary attacks reveal about sixty percent of passwords,
>so for every six passwords you find on a dictionary attack, you can
>infer ten actual stegotexts times the ratio between your analyzed and
>discovered (possibly-false) positives.
>
>While he has analyzed only two percent of his sample, that's a sufficient
>number that if even a tenth of one percent of his positives were
>real he'd have discovered at least a few passwords.
>
>The paper is solid statistical methods; lack of any dictionary-yielding
>passwords in that big a sample is very strong evidence that the sample
>is overwhelmingly made up of false positives.

I'm afraid I have to disagree. They could all be images manipulated by a
different steganographic program from the one(s) that are being tested,
and/or they could all have been manipulated by very disciplined people
using high-entropy passwords. Lack of evidence is at most suggestive.

Greg.

Greg Rose INTERNET: ggr@qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
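
The disagreement in this thread turns on one number: the chance that a dictionary attack recovers the password of a real stegotext. The following is an added example, not part of either message or of the Stegdetect paper; it assumes 20000 independently tested positives and computes what zero recovered passwords implies under the 60% rate quoted above and under lower rates. The function names and the 1% and 0% rates are assumptions chosen for illustration.

```python
# Added illustration: the sample size, rates and independence are assumptions.

def prob_zero_hits(n_tested, real_fraction, crack_rate):
    """P(no password found) when each tested positive is independently a real
    stegotext with probability real_fraction, and a real one falls to the
    dictionary with probability crack_rate."""
    return (1.0 - real_fraction * crack_rate) ** n_tested


def max_real_fraction(n_tested, crack_rate, confidence=0.95):
    """Largest real_fraction still consistent with zero hits at the given
    one-sided confidence level, capped at 1.0."""
    if crack_rate <= 0.0:
        # The dictionary can never succeed, so zero hits rules out nothing.
        return 1.0
    per_item = 1.0 - (1.0 - confidence) ** (1.0 / n_tested)
    return min(1.0, per_item / crack_rate)


def summarize(n_tested=20000, real_fraction=0.001):
    """Compare the scenarios argued in the thread (rates are constructed)."""
    scenarios = [
        ("dictionary recovers 60% of passwords", 0.60),
        ("mostly strong passwords, 1% recovered", 0.01),
        ("high-entropy passwords or a different tool", 0.0),
    ]
    rows = []
    for label, rate in scenarios:
        p0 = prob_zero_hits(n_tested, real_fraction, rate)
        bound = max_real_fraction(n_tested, rate)
        rows.append((label, p0, bound))
    return rows


if __name__ == "__main__":
    for label, p0, bound in summarize():
        print(f"{label}:")
        print(f"  P(zero hits | 0.1% of positives real) = {p0:.3g}")
        print(f"  95% upper bound on real fraction      = {bound:.3%}")
```

At a 60% recovery rate, zero hits bounds the real fraction well below a tenth of one percent; as the recovery rate falls toward zero the same observation bounds nothing.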