|
Depends on your use case and threat model. If I'm the Secret Police in some oppressive state, then I just need to find out whether you seem to be using stego — which is naturally against the law, itself, and hence grounds for arrest. Then, I can use rubber hoses, bamboo splinters, the threat of violence against your loved ones, and what-not to "brute force" your passphrase. If I'm the NSA, I just detect the presence of stego and stash the container for later — say, when my quantum computer finally works as advertised, or I can plant a keylogger or turn on the back door on the your computers and sniff your passphrase, or simply mine your social graph until I find some other means of compromising you. The possibilities are hardly limited to a naïve, brute-force search across the set of (crypto algorithm, passphrase) tuples. EDIT: But, to your point: yes, using video makes finding stego harder. It doesn't change the nature of the problem, though; it just changes its scale. Against adversaries with the computational power of a modern nation-state, however, if you're relying on scale to hide your behavior, licit or otherwise, you're only deluding yourself. |
Me? I'm the entire population of the country. Which one of us is using stego?
To my reckoning, the search space would put the number of atoms in the universe to shame.