November 18th, 2005, 06:04 PM
Fun project for programmers.
I am in no way a programmer so I figured I'd put this out in the community for everyone to tinker with.
The program: StegoTalk
StegoTalk would allow people to chat back and forth using stego encryption.
How it works:
Each user would have a passphrase they setup.
One user would type a message and once enter is presssed the program would encrypt the message into an image then send the image to the other user where the program then decrypts it using the passphrase and display the message.
Several images/passphrases could be used for multiple chat sessions with different people.
passphrase lists could even be setup. For example new passphrase for each day/week/month/whatever.
The security part is that the message is encrypted then sent to the next user. this would mean no chance of anyone reading the message. encryping and decrypting would take place at each end automatically. No need to manually type steghide and put in the passphrase.
A thumbnail of the image could also be displayed so users could see if the image had been changed.
I would assume the program could also "autogenerate" images using patterns or user specified images.
Another cool feature would be to show how many char. can be typed untill the image memory is full.
Again I don't know how to program but I think this would be a cool standalone app. or maybe even a plugin for kopete/gaim/kmerlin/etc.
Let me know what you think.
Whats a \"START\" button?
November 19th, 2005, 12:26 AM
Interesting idea. It'd be neat to see it implemented, but I don't think I'm the man to do it. You're talking image as in one you look at right? Depending on the image wouldn't that be sort of slow? Also, how do you get each other the passphrase? I've been thinking about doing something like this, except with normal encryption, not disguising a chat session as transferring images. I'm sort of confused about how you would start the encrypted session. Seems to me that at some point there's got to be something going over the wire in the clear that will give you away. I think they overcome this with private and public keys, but I'm not sure I could do that without using existing libraries. Keep the ideas flowing. Peace.
November 23rd, 2005, 11:34 PM
Sorry it took so long for me to post back.
I imagine the size of the image would make it more of a broadband users program.
The passphrase would be a problem. I'm sure someone could find a way to posibbly encrypt it as well.
Chat program that uses stego-pgp-and several other forms of encryption. I can see the fbi chewing off their nails now.
I looked into how a program like this would be done, and it looks like chat program are not too complicated to make. However, once you get into encrypting things and making passphrases and such it seams to complicated it a bit.
perhaps I'll look into python programming and see if I can pick that up. I hear its a lot like c but easier. Of course with small amounts of time to spend on these new hobbies isn't everything hard?
Whats a \"START\" button?
November 24th, 2005, 12:08 PM
Ok a few issues i see with this....
1. Speed : First of all it will take longer to transfer the image than text. Also you ahve the time on eahc end to encrypt/decrypt the message
2. There are already better secure chat programs out there which do not rely on stego. Yes it would be a novelty but not practical with no real market
3. You still have to transfer the passkey somehow between each chat member so they can encode/decode the messages. If someone is snooping your convo then they will prolly also be able to snag your passkey when it is sent anyways.
if you are wanting to build it as a POC or just to learn something new, go for it! But I dont see it having any realworld applications.
November 26th, 2005, 09:14 PM
This sounds like it could be a fun project. It would take time to implement and would have some implementation details to work out (store data in the Least-Significant Digit or some advanced technique?) and may not be practical, but could be a fun thing to give to friends you want to talk to somewhat more privately.
I'll just point out some things you may want to look at / address before getting too deeply into this...
Computer-generated images generally make poor carriers of stego-hidden information because they are very predictable. Photographic images are ideal because they have noise and other random data that you can use to hide data inside of.
So the user would need a huge archive of photos for their conversations because the application would be unlikely to be able to generate ideal images to hide data inside of. I have a huge library (~400GB and growing) of photos I took myself, but I wonder if other users would have enough source material for really long conversations. My ISP would likely complain if I uploaded a 10MB image for each "hey" or "lol" said in chat.
One more thing is having a conversation with multiple recpients. Here public-key encryption shows its weakness (same message to multiple encrypted outputs), while private-key encryption shows some robustness (same message to same encrypted output).
You'll want a private-key approach to sending the encrypted messages, but with some way to authenticate the message (public-key) - the RSA Message Digests you see in some newsgroup posts is great here. Basically the application could use public-key methods to transfer a private key that everyone in the same chat session uses for communication, and then at the end of each message or somewhere it is signed by your own key.
Otherwise anyone in your conversation could pretend to be yourself or anyone else in the conversation (no authentication). Or if you use a pure public-key encryption technique, it could possibly fail to some kind of known-plaintext attack.