Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: Cryptography and Steganography.  (Read 1106 times)

Grimshot

  • Bay Watcher
    • View Profile
Cryptography and Steganography.
« on: August 20, 2011, 07:03:39 pm »

 I'm interested in learning about these subjects and I was wondering if anyone could recommend to me any good books on them. I would also appreciate any advice or other resources on the subjects.
Logged
My personality profile.

Frelock

  • Bay Watcher
  • Dabbling Philosopher
    • View Profile
Re: Cryptography and Steganography.
« Reply #1 on: August 22, 2011, 02:55:36 am »

I took a cryptography class two semesters ago, and the textbook was fairly comprehensive and reasonably easy to understand.  Given, it's a textbook; reads like one and is expensive.  However, it covers not only the crypto-systems you'll want, but a bit of the number theory you need to understand them. 

If you can, check a nearby university for classes on the subject, and if they don't have one, call up a number theorist in the mathematics department and suggest they start one.  I know at my university, it was always one of the first math classes full.

Steganography though... you got me on that one.
Logged
All generalizations are false....including this one.

Grimshot

  • Bay Watcher
    • View Profile
Re: Cryptography and Steganography.
« Reply #2 on: August 22, 2011, 10:39:13 pm »

 Thanks :D, that book seems to be exactly what I need. Now I just need a recommendation on a good Steganography book and I'll be set.
Logged
My personality profile.

Stargrasper

  • Bay Watcher
    • View Profile
Re: Cryptography and Steganography.
« Reply #3 on: August 23, 2011, 01:15:49 pm »

I don't know any books off hand, but I did have to do a steganography project in an early CS course.

It's not too difficult.  You're basically hiding ascii codes in the least significant bit of the RGB values of pixels through creative use of bit shifting and masking.  You can't do this with jpg files, though, since jpg discards the LSB values.

I'm willing to attempt to answer any questions you have on how to do this, but sadly, I learned by doing.  I never had a textbook for this.  I had a five page assignment write up and that was it.
Logged

qwertyuiopas

  • Bay Watcher
  • Photoshop is for elves who cannot use MSPaint.
    • View Profile
    • uristqwerty.ca, my current (barren) site.
Re: Cryptography and Steganography.
« Reply #4 on: August 24, 2011, 07:35:42 am »

Or an indexed image with duplicate colours in the palette, and the choice of what one is used contains information, perhaps? Or maybe hiding data in a BMP's line padding?

Or, for a non-image possibility, whether a period is followed by a single or double space, some text files if you can put a varying number of spaces hidden by a tab on each line or something, where a tab would be expected for indentation anyway, but up to 7 spaces can be inserted before the tab without changing the alignment visibly?
Logged
Eh?
Eh!

Kay12

  • Bay Watcher
  • Fighting for Elite Liberal values since 2009!
    • View Profile
Re: Cryptography and Steganography.
« Reply #5 on: August 24, 2011, 10:39:49 am »

Still an image classic... .jpg images have a data structure that makes the image still show unaltered even if data is added to the end. These messages are easy to find if one is looking for them, and one may start looking for them if the file size is bigger than one would expect from a small image, but adding a short phrase won't cause noticeable increase in file size.
Logged
Try Liberal Crime Squad, an excellent Liberal Crime adventure game by Toady One and the open source community!
LCS in SourceForge - LCS Wiki - Forum thread for 4.04

Muz

  • Bay Watcher
    • View Profile
Re: Cryptography and Steganography.
« Reply #6 on: August 24, 2011, 12:07:05 pm »

I kinda specialized in network security in uni. It was a lot of fun, and IMO, the easiest course. The final exam was kinda stupid, because if it was open book, I could've gotten full marks with just google, the RFCs and wikipedia, without attending any classes. It's really that simple in theory. I've coded my own really basic encryption software from scratch too, in just a couple of days, it's not that bad.


I'm not sure what you're looking for exactly. Are you trying to do encryption? Are you trying to hack into things? Are you trying to design advanced algorithms? If you're just looking to crack stuff, you don't really want to bother too much with encryption, you'd want to focus more on social engineering. The Art of Deception is a brilliant book on social engineering, highly recommended. If I want to get passwords, I don't try to crack someone's Facebook directly, instead I look for when they enter their passwords on nonsecure sites, and hope that they're the same, or that they follow a similar pattern to their passwords on more secure sites.

I'm not a fan of advanced cryptography...
Stone age (like literally swapping alphabets) take hours to days to crack.
Really basic cryptography takes days for a noob to google and script kiddie around, hours with special military hardware. They say DES is not secure, but it takes a dedicated machine to brute force it in days.
Medium strength cryptography (like Facebook, proxies, that 'medium' setting on your router) take years to crack for a noob, days with special equipment.
Top level cryptography (like Pentagon quality) takes thousands of years to brute force. But a social engineer can get your bank password in hours.

There's not really much difference between years and thousands of years, nobody's going to buy a $200k machine to look at your porn or steal $5k from your piddly bank account. I can sniff out my neighbor's passwords and look at their webcam data, but I can't be arsed because it takes days to find and sift through the raw info (or find a software that does it). I just use really basic security for personal needs and have a difficult password to guess, but easy to remember.


Instead of giving you a book, I'll just explain the basic concepts, since google sucks at this. And I can just copypasta this to other people asking about the topic :P

Find out what shared key is. It's just basically that you encrypt and decrypt something with the same key.

Then you have public-key cryptography. It's basically that you encrypt something with one key, and decrypt it with another. Since you're not using the same key to encrypt and decrypt, one of the keys can be given freely in public, while the other is kept private. The drawback of them is that they're extremely slow compared to shared keys. So you want shared keys for normal en/decryption.

You want to pass a shared key to someone, but can't give it out in public because anyone intercepting it can just sniff it and decrypt whatever you're encrypting with it. So, you ask someone for their public key. You encrypt your shared key with that public key and give it to them. Someone in the middle can't get your shared key from that public key because they can't decrypt it. But your intended recipient can decrypt the public key they gave you and pull out the shared key. Then both of you pass messages while en/decrypting with the shared key.

The problem here is that a man in the middle can give you their fake public key, if you don't verify the identity of the sender. So you have authentication servers. And you have authentication servers that authenticate authentication servers. It's all a web of trust, and you have these security conferences where everyone is signing each other's keys.

Then you have hashes, which are basically just a shortened version of something. It's used to verify if the thing is indeed real and not modified along the way. So, I could have a 1MB file hashed to "K#(Cf!". If I send it over the server, I expect a hash on that file to result in "K#(Cf!" if it wasn't modified. Servers usually store hashes of passwords, not passwords themselves. A rogue server admin can't pull your password from the server, they can just pull the hash and try to match hashes.

You can combine hashes to public keys to create signatures to verify identity.

From all that, you get basic tricks like SSL/TLS which is used by banking sites. Just that they're designed in such a way as to foil many other forms of attacks.


Advanced cryptography is simply built around all this stuff. You are basically locking a key with another key, then locking that key with another key, and using some keys a bare minimum to prevent them from getting sniffed. You create this complex tree of keys locked with other keys. And then start changing the keys every once in a while so people who steal them can't figure them out.

The existing algorithms for cryptography actually work very well, so people aren't really inventing new ones. If you want to learn about them, get a Masters in them, because they involve a hell lot of math, more than you'll get from internet forums and textbooks :P

Steganography... well, I'd just encrypt a message, and sign it. Wikipedia gives a very good explanation on how it's done along with some tools for it.

Oh, and RSA (the most common form of public-private key algorithms) will probably go obsolete when quantum computers become common. Quantum computers suck for things like gaming, but they'll crack private keys excellently.


Anyway, you can PM me if you have a question, since I don't really lurk the Life Advice subforum :P
Logged
Disclaimer: Any sarcasm in my posts will not be mentioned as that would ruin the purpose. It is assumed that the reader is intelligent enough to tell the difference between what is sarcasm and what is not.

Grimshot

  • Bay Watcher
    • View Profile
Re: Cryptography and Steganography.
« Reply #7 on: August 24, 2011, 03:54:09 pm »

"I'm not sure what you're looking for exactly. Are you trying to do encryption? Are you trying to hack into things? Are you trying to design advanced algorithms? If you're just looking to crack stuff, you don't really want to bother too much with encryption, you'd want to focus more on social engineering."

 I have a poor memory and end up writing and typing a lot of notes. I would rather only I, and possibly a few chosen people, are able to find and understand these. So I figured research into Cryptography and Steganography would be prudent. I want full knowledge of both subjects though, after I achieve that I will use that knowledge to my create my own system. Thats the plan anyways, even if I never do that I'm sure I'll make use of the knowledge eventually.

 I'm glad you brought up that book. The Art of Deception looks like something I'll certainly need to read.
Logged
My personality profile.

Stargrasper

  • Bay Watcher
    • View Profile
Re: Cryptography and Steganography.
« Reply #8 on: August 24, 2011, 04:27:59 pm »

"I'm not sure what you're looking for exactly. Are you trying to do encryption? Are you trying to hack into things? Are you trying to design advanced algorithms? If you're just looking to crack stuff, you don't really want to bother too much with encryption, you'd want to focus more on social engineering."

 I have a poor memory and end up writing and typing a lot of notes. I would rather only I, and possibly a few chosen people, are able to find and understand these. So I figured research into Cryptography and Steganography would be prudent. I want full knowledge of both subjects though, after I achieve that I will use that knowledge to my create my own system. Thats the plan anyways, even if I never do that I'm sure I'll make use of the knowledge eventually.

 I'm glad you brought up that book. The Art of Deception looks like something I'll certainly need to read.

Personally, I feel that steganography is massively overkill for your purposes.  If you want to render your notes unreadable, a simple RSA encryption will work wonders.  If that's too slow, obfuscation can work wonders if properly implemented.

Or even better, consider using a TrueCrypt volume or something similar.  This way you can hide the existence of your notes in the first place.  You can use a file, or better, an encrypted partition (which looks like unformatted space) and then you can leave the notes in plain text if you wanted.  Assuming the CIA isn't after your notes, an encrypted volume will protect your data just fine.

You may want to implement your own system, but really...don't.  There's not sense reinventing the wheel if someone has already created something that will serve the purpose you need.
Logged

Grimshot

  • Bay Watcher
    • View Profile
Re: Cryptography and Steganography.
« Reply #9 on: August 24, 2011, 07:43:47 pm »

 I agree with you, that would be the easier route. The journey is just as important as the destination though, at least in my opinion.
Logged
My personality profile.