Re: Steganography

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Sun Jun 06 2004 - 12:38:51 CDT

Oops, errant keystroke sent it early...

>> Another sneaky thing... trailing spaces at the end of lines.

On Jun 6, 2004, at 11:30 AM, Douglas W. Jones wrote:
> If you set your tab stops every 8 spaces (the Unix default and very
> common in C and C++ programming as a result), you can follow each
> tab in the string of tabs starting at the beginning of a line with
> from 0 to 7 blanks

This indeed fits a lot of information into a covert channel within an
ASCII file.

I think this information is particularly likely to be erased during
intermediate handling though. For example, one of the first things I
do when I get a source file I intend to modify is to convert its
spacing conventions to those governing a project (or sometimes just to
what I want, since I'm annoyed by files that do it "wrong"). For
example, per the Python team's recommendations, I remove all tabs from
Python source files, replacing them uniformly with four spaces per
indent level. Many programmers text editors and external utilities do
this sort of thing with a simple option.

Of course, depending on your threat model, modification may or may not
be a danger to the channel. For example, if I wanted to smuggle a
message on an EVMix live-CD, the CD (and all its source code) would be
signed as certified. A simple change to spacing conventions would
bring the signature out of sync with the certified version. So my
secret message basically cannot be removed (but it can only be read by
someone who both knows to look, and knows the key used to encode it).
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Jun 30 23:17:09 2004

This archive was generated by hypermail 2.1.8 : Wed Jun 30 2004 - 23:17:29 CDT