Original and Encrypted Images
There has recently been much interest in the idea of hiding information within images: steganography. I have already looked at some applications available for Macs. There are few steganography programs for OS X, but there is much software for other platforms. With Open Source roots, some needs compiling. An excellent source for ideas on this subject (and for sources) is Johnson and Johnson: these are technology consultants and not the baby powder people.
In my earlier look at steganography software I had tried out one app for the iPhone and two for the Mac, which were fairly easy to use and successful. There were a couple of disappointments to follow.
The opening screen of PicSecret with its crayon-style image suggests that this is for kids. This is reinforced to an extent by the ability to hide text within images without the need for passwords: a check box on the main screen allows this. I downloaded this from VersionTracker.
Like the other programs I tried, the user is offered two choices initially: Encode a message; or Decode an image. I started with encode and used the same image and the same three paragraphs as before. It appeared to encode the 934KB image, but when I used the Decode function on the JPG output, only a portion of the original text was displayed. We may also save the output as BMP, PNG or TIFF images. The software quit suddenly a number of times when I was trying to enter text.
The three paragraphs I used before had 275 words or 1361 characters. The limit of characters with PicSecret, which is indicated by a bar, is much lower. I could type in only 70 words, (371 characters). I had even less success with TIFF images and even a short sentence was not decoded properly.
When I used the much smaller image that had been used with StegoSecOsX, PicSecret balked at the 371 characters and cut the message down, suggesting that the encoding strength should be increased. Even at the maximum setting, the small image could not be used. It would appear that PicSecret might only have uses in, say, children's play or (like other examples of this type of software) for hiding invisible water marks as digital data within photos.
Pict Encrypt was immediately different as, when started, the computer switched to the more powerful video card installed. I was shown a bare working screen with two choices: encrypt and decrypt. I started with encryption and was prompted to choose an image. At the bottom of the screen initially were two identical icons (like mini MacPro computers). A user only knows that these are Back and Next if the cursor is held over them. These later changed to arrows. When any action is completed, the screen is unchanged and the user has to trust that it is safe to continue.
I was prompted to choose an image, enter a password and save the output. Once an image was chosen I selected some text and tried the same three test paragraphs as I had for other stenography applications. Pict Encrypt then asked for an encryption key. Unlike other programs which show dots, the characters entered here were visible.
When a name is given, no suffix is added by the program. The image is saved as a QuickDraw image (.PICT) and is considerably larger than the original. Other software had reduced the image size. I again used the 934KB image: output was 2.6MB.
The application crashed once or twice. I tried another couple of images with no problem including the 61KB image that worked in the other applications. Adding the three paragraphs produced a satisfactory encrypted image of just under 400KB. However, when decrypted only 35 characters (four and a half words) were recovered. The same occurred for the other large files even when I quit and restarted the program. This does not seem to be a useful program.
Some software I tried is able to insert brief amounts of text into images. There are several other applications available online that will do the same task or encrypt whole disks (a different subject from steganography). OS X has a built-in feature (FileVault) that will do this and there are other applications available like TrueCrypt: this runs on Mac, Windows and Linux systems. [See note below about TrueCrypt)]
Steganalysis software is thin on the ground and requires either complex algorithms which are still being developed, or an approach similar to virus detection which uses the "signatures" or styles of known steganography applications. Due to the nature of the software developed for example by SARC and others, it may only be available under export licences. Queries I sent to forensic software developers were unanswered. Also, with the 2010 Black Hat USA conference taking place in Las Vegas now (28-29 Jul), perhaps there will be more developments.
I was sent email in January 2017 concerning TrueCrypt and its discontinuation. As articles like this are as much archived content as informative (at the time, anyway), I have left the content above as-is and note a link to an item by Paul Bischoff on Comparitech. This points out that TrueCrypt was discontinued in May 2014 and is no longer maintained (there is an interesting story here). It appears to have a number of security problems.
The page outlines 6 alternatives and gives a brief summary of each, with download links.
Back to: Steganography on the Mac (1): Hiding data in Images