Cryptography or steganography?

RSA and DES keys keep growing in length, to keep up with increasing computational power. Keys we were using 15 years ago are laughable now. And according to a nice graph in April’s IEEE Spectrum, ridiculous amounts of computing power are cheaper than ever. I wonder how long before people give up on encryption altogether.

Some applications really require cryptography. It’s difficult to hide the data traffic from an ATM machine, for example. But for many other applications it’s really easy to hide data inside the gigabytes of junk we download and upload on a daily basis. This is called steganography. Images are especially useful to hide other data in. It is so easy to delete the least significant bit of every pixel and use that space for something else. A normal, 3-color, 8-bit-per-channel photograph taken with a 5 megapixel camera has 15 million least-significant bits to play with, undetected. That’s almost 2 Mb. And if the least significant bits look like this, would you think much of it?

secret message

Of course, the JPEG compression completely wipes out those bits, so this is not very useful in practice. But there exist techniques to hide data in a JPEG file. You just need to use the least significant bits of the least significant components of the compressed data. Easy!

The image above I made while toying with some very simple encryption idea. I don’t really know if it counts as encryption, it doesn’t require a key to decode. Or rather, the key is included with the data. But it makes the message look like random values. See if you can find the secret message!

4 Responses to “Cryptography or steganography?”

  1. On September 22nd, 2009, at 14:53, Ludwig Schmidt-Hackenberg said:

    Hi Cris,

    I think is actually rather good, that the relative strength of encryption decreases over time. What secret is so vital, that you still need it to be secret in 20 years? And if it is so vital, than you can just reencrypy it. Steganografy on the other hand relies, imho, on the principle of security through obscurity, which bad “a is difficult or ineffective to keep the details of systems and algorithms secret” (wikipedia). Also from a researchers point of view. Hiding data now, means also hiding the data from future scientists.



    p.s. flagging encryption also means, that I can now access encrypted (personal) data, that I have lost the key for…

  2. On March 11th, 2016, at 2:04, jorge luis garcai arreola said:

    is a woman sitting

  3. On March 20th, 2016, at 3:57, Cris said:

    Wow, it’s been almost 6 years since I posted this, and nobody has figured out the way I obscured the data. I thought I included a good hint by making the image 233×226 pixels in size. 233 is a prime, and 226 is double a prime. So you can split the image horizontally into two equal-sized halves. If you XOR those two halves together, you get the message:

    a = readim('crypt.png')
  4. On November 1st, 2017, at 15:33, Narcélio Filho said: