by code_duck 2701 days ago
Steganographic communication as a substitute for encrypted text is a baffling misinterpretation of the reason for encryption in a chat program. The use cases and potential userbase barely overlap at all.

I don’t want my conversations with my mother to be public. But we are not going to communicate in secret messages hidden in images as if we are espionage agents, and most assuredly 98% of the public will not, either. Not to mention that steganography has a security by obscurity aspect - the more you raise knowledge that textual messages may be concealed in images, and present a common mechanism for doing so, the less effective it is for escaping scrutiny.

Also, I’d note for your points that steganography has no ‘storage capacity’. That’s a characteristic of the underlying medium. It is not a standalone communication system - if I’m sending secret spy image messages to my tow truck company instead of normal text messages, the storage is foremost limited by the text message system.

2 comments

> Steganographic communication as a substitute for encrypted text is a baffling misinterpretation of the reason for encryption in a chat program.

I agree with you, but couldn't you say the same thing about using end-to-end encryption in a chat program as a substitute for messaging that's just encrypted in transit?

> Steganographic communication as a substitute for encrypted text is a baffling misinterpretation of the reason for encryption in a chat program.

> I agree with you, but couldn't you say the same thing about using end-to-end encryption in a chat program as a substitute for messaging that's just encrypted in transit?

I just want to point out, again, that this is not an argument that I tried to make.

But what are you saying people should do? Only communicate information that I don’t mind being public using traditional non-secure messaging systems, and use steganography whenever one wants to communicate private information?

Steganography+encryption has a number of use cases. The one I think is most interesting is being able to store encrypted data locally with ease. Right now if I want to encrypt some text I have a number of options.

I can encrypt the hard drive. I can encrypt a text file to a binary encrypted file. I can encrypt a text file to a text file with something like pgp. But none of those are what I would call user friendly. But through the magic of steganography you could do all that and save it to an image file. Now we have something that people might be comfortable using.

As for secure chat idk. I wouldn't trust Windows, iOS, Android, my ISP, my VPN, the NSA (and whoever else), the spyware my mom has installed on her computer that neither of us know about, etc. I'd probably just google for something but I wouldn't be under any illusion that it's totally secure.

Can you elaborate on the logic of why saving encrypted text to an image file is more user-friendly than saving it to a text file? Why would that make people more comfortable?

Because people are more comfortable dealing with image files than .enc files or whatever extension one might use. Plus you don't just have to encode text. You can encode any file type. Look, I don't know what this is to the various participants in this thread but to me it's been really sad. I feel like I'm arguing politics. I don't think I've said anything unduly disrespectful or even incorrect yet I've been arguing about this with people who apparently think they know better but consistently get basic facts wrong or appear to be disingenuous to help win a debate. I'm not here to connect every dot for you. You're not holding my ideas up to the light of truth or whatever you think you may be doing. I really regret logging on to hackernews today.

Sure, for a chat conversation you would want something faster than steganography. But if you will notice I did not propose a solution for encrypted chat. I proposed a solution for making encryption easier to use, yes? I hope that debaffles you a little.

Steganography alone is just security through obscurity? I guess I'm not sure which algorithm you are thinking of but regardless it's very easy to encrypt your data before writing it to the image so in any case, that is a non-problem. The same goes with your sentence about the use of steganography detection. Maybe it's possible for some algorithms, I don't know, but I have very strong doubts about that and again, it's encrypted.

The amount of data you can write to an image using a steganographic algorithm could be rightly called its "storage capacity", yes? Or do you believe that for each image there is an exact maximum storage capacity regardless of the way you encode data to it?

“I think steganography is an excellent way to deliver encrypted messaging to consumers.” is in your prior post.

If you are not using steganography for the obscurity aspect, why use it at all? Why not just encrypted plaintext that can be decrypted?

Steganography is intended to conceal that a message is being sent at all, other than the apparent message of an image. If my recipient and I are both using Cool Steganography Messaging App, or you are marketing CSMA to the general public, that removes that crucial feature.

As far as storage capacity, I mean it is not a concept that steganography envelops. The amount of data you could include would be limited by the lower level transmission systems - whatever software and hardware you are using to actually transmit, device, store and view images such as image format and your phone storage.

I meant messaging in a more general context. It does not remove that feature at all. Why do you think that two people using the same app or algorithm automatically reveals the presence of a hidden byte array? You just vary the way data is read out of the image using the same password used for encryption. Even if they could recover every single bit using statistics (which they can't) they would have no idea what order to put them in. That's just one way of doing it too. If you put a real math wizard on the case I'm sure they could do even better.

Storage capacity IS a function of the algorithm and the image. That's simply a fact. For example, say we are just bit flipping a 512x512px image and we take up all 8 bits in each color channel in each pixel. That lets us write 512 * 512 * 8 * 3 = 6291456 bits or about 6Mb. ...I can see how it looks like I was talking about real time communication because I said messaging. That was a mistake and honestly I have been playing around with the thought of if/how steganography could be used for chat but that really was not how I meant it to sound. I was thinking about how steganography might be able to make encryption more user friendly.
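
Added example, not part of the thread or written by any of its participants: a minimal Python sketch of the two technical claims in the comment above, that LSB capacity depends on how many bits per channel the scheme uses, and that a password can determine the order in which embedded bits are read back. The function names, the constructed 16x16 pixel buffer and the use of Python's `random` module as the ordering PRNG are assumptions made for illustration.

```python
import hashlib
import random

def capacity_bits(width, height, bits_per_channel, channels=3):
    """Payload capacity of LSB embedding: image size times bits used per channel."""
    return width * height * channels * bits_per_channel

def _slots(n_bytes, k, password):
    """Every (byte index, bit index) slot in the k low bits, in password-derived order."""
    slots = [(i, b) for i in range(n_bytes) for b in range(k)]
    seed = hashlib.sha256(password.encode()).digest()
    random.Random(seed).shuffle(slots)  # illustrative PRNG, not a cryptographic one
    return slots

def embed(pixels, payload, k, password):
    """Write payload bits into the k low bits of each channel byte."""
    bits = [(byte >> s) & 1 for byte in payload for s in range(7, -1, -1)]
    if len(bits) > len(pixels) * k:
        raise ValueError("payload exceeds capacity")
    out = bytearray(pixels)
    for (i, b), bit in zip(_slots(len(pixels), k, password), bits):
        out[i] = (out[i] & ~(1 << b) & 0xFF) | (bit << b)
    return bytes(out)

def extract(pixels, n_bytes, k, password):
    """Read n_bytes back using the same password-derived slot order."""
    slots = _slots(len(pixels), k, password)[: n_bytes * 8]
    bits = [(pixels[i] >> b) & 1 for i, b in slots]
    return bytes(
        sum(bit << (7 - j) for j, bit in enumerate(bits[p:p + 8]))
        for p in range(0, len(bits), 8)
    )

def max_channel_change(cover, stego):
    """Largest per-channel difference between cover and stego pixels."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed sample: a 16x16 RGB "image" as raw channel bytes.
cover = bytes((x * 7 + 13) % 256 for x in range(16 * 16 * 3))
secret = b"ciphertext goes here"  # stand-in for already-encrypted data
stego = embed(cover, secret, 1, "correct horse")
```

With `bits_per_channel=8` the formula gives the 6291456 bits quoted above, but every channel byte is then payload and nothing of the cover image remains; with one bit per channel no channel value changes by more than 1.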

I’m not saying that the message isn’t secure in an encryption sense. It’s just that embedding it in an image has no advantage in an encryption sense, and if the advantage is not secrecy about the presence of a message at all, what is it?

Sure, steganography has a capacity for information that is based on the image format utilized. But the real upper capacity is dependent upon the other layers.

The way to make it user friendly is to make it transparent. I don’t see how this would do that.

Speaking of layers that's how I want to answer the first part. Encryption makes it secure but steganography makes it portable. Steganography is the sugar that makes the medicine go down. That's how I think it could work anyways, I'm not saying that is what would happen.

Certainly for most things I would prefer whatever encryption in transit and whatever data is received is destroyed after viewing. Some people think snapchat is like that, and it's a big reason that many people use it like they do.

However I can imagine some use cases where others would want to keep say a kinky fantasy story someone wrote to them, but need to keep it in a form that if discovered may be difficult to discern that it was a naughty message at all.

Like the "calculator app" that many of the younger folks are using to hide nudes... you'd have a "cool cat memes with friends app" - with some of the images shared having extra data embedded...

Some parents and others are getting smarter about seeing the most used apps on a phone, so they are able to question why someone used "hidden locker calculator" 8 hours each day. If you had "cat meme share" being used 8 hours a day, you could open said app and show your parents/lover/whoever the funny memes... and they may not know that extra info could be embedded for example.

This may save some people doing bad things, but may also save some people from being outed about their <insert small niche not socially well accepted interest / lover / friend here>