Usable Stego

[jim.halfpenny at gmail.com (Jim Halfpenny)]

One use for stego is to hide encryption keys. Even passphrase
protected keys are vulnerable if compromised if enough brute force is
applied. Using stego to hide a key, given that the key is generally
much shorter than the encrypted payload, would seem to make a lot of
sense given the limitations of stego.

I believe truecrypt offers a container format where a second 'fake'
passphrase unlocks an extra area of the container for use if you are
forced under duress to reveal the passphrase. While this isn't
technically stego the trick bears a passing resemblance and I applaud
it's sneekiness.

Jim

On 8/9/09, Adrian Crenshaw <irongeek at irongeek.com> wrote:
> Ok, I'm prepping up for my Anti-Forensics class, and I'm looking into
> steganography. All the tools I've looked at seem to be too much of a pain in
> the butt for me to see folks using them to hide their pr0n stash or illicit
> business practices. Passing messages, maybe. Anything out there that you
> would see as useful? Maybe something that lets you mound a large AVI or
> something as a drive and lets you randomly add and remove files?
>
> On a side note, can you think of a time when stego is used as something more
> than a parlor trick?
>
> Adrian

-- 
Sent from my mobile device