Tuesday, June 14, 2011

Lessons from a Steganography Example

ProgrammingPraxis is still going strong, and I just love their most recent exercise:

In his book Dead or Alive, Tom Clancy describes a cryptographic system used by terrorists. His description is incomplete, but it seems to be a two-stage system, with a hand-operable cipher hidden by steganography inside images on a web site. Clancy talks about a one-time pad that doesn’t really seem to be a one-time pad and creates a stream of two-digit numbers using the middle-square method; it may sound good to his readers, but even my limited knowledge of cryptography suggests it’s bad crypto. Or, on one crypto forum where I asked about it, “really really awful” crypto.

Let’s see if we can do better than Clancy. We have four objectives: The system must be hand-operable by terrorists in similar situations to Clancy’s. The system must use both cryptography and steganography, as Clancy’s did. The system must be easily explainable in the context of a novel such as Clancy’s. And the system must be reasonably secure, certainly better than Clancy’s “really, really, really awful” system.

Even if you're not a programmer, taking a few minutes to read the overview and then the solution is worth it.

The lessons to be learned here are many:

  • Programming examples can be fun, realistic and related to current events
  • Steganography isn't limited to images, any heap of information can be used
  • Encrypted communication doesn't depend solely on expensive and complicated hardware

This is definitely a fun programming puzzle to play around with.

1 comment:

  1. Anonymous12:35 PM

    Thanks for the kind words.