Re: Steganography as a means of data protection
From: William Gant (wgant_at_transcender.com)
Date: 07/29/03
- Next message: Keith Patrick: "Re: .NET and buffer overruns"
- Previous message: Shel Blauman [MSFT]: "Re: System.Security.Principal.WindowsImpersonation"
- In reply to: David Cross [MS]: "Re: Steganography as a means of data protection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Jul 2003 15:45:23 -0700
Basically, I would just need to hide the data. As long as a hacker
doesn't suspect that it's there, it's still substantially safer than
just embedding it in cleartext within the executable. Obviously, I
could purchase an obfuscation utility to encrypt the data, but that
would require more than the shoestring budget I have. If I could, say
use some sort of mathematical formula to pick which pixels to hide the
bits in, I could probably hide a small amount of data in the splash
screen image. Obviously, the data would still be unencrypted, but at
least it wouldn't be in cleartext.
Is there another way to protect the contents of an assembly on the
user's machine that will keep someone from getting an embedded
encryption key easily?
I know that there's no way to stop a truly determined hacker, but just
reducing the number of people who succeed in getting through would be
a huge help.
Also, are there any methods for restricting access to a particular
method so that it can't be called except by a specific method
specified at compile time? Could I walk the stack to check it, or is
there a built-in way of handling this?
Finally, can you recommend any good books on .NET security (C# or
VB.NET)?
Thanks,
Will Gant
wgant@NOSPAMtranscender.com
"David Cross [MS]" <dcross@online.microsoft.com> wrote in message news:<#Lx$dIQVDHA.2252@TK2MSFTNGP10.phx.gbl>...
> Steganography has not proved itself as a partical method for data encryption
> in general. Although watermarking images and media for purposes fo digital
> rights management has some potential.
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> http://support.microsoft.com
>
> "William Gant" <wgant@transcender.com> wrote in message
> news:3699b3d7.0307251344.1d4cdcd@posting.google.com...
> > Hello,
> > I was just wondering what the general opinion is on the effectiveness
> > of using steganography to protect string resources, such as encryption
> > keys and database passwords.
> >
> > I was thinking that you could use a bitmap (such as a splash screen
> > logo) to hide the password in plain sight. If your bitmap was an RGBA
> > bitmap, then you could use the the last bit of the alpha component of
> > the pixel to hide your information without visibly altering the image.
> >
> > Of course, you wouldn't want the pixels you are using to be
> > continguous, as that might make it too easy for a hacker. Therefore, I
> > would think you could use some sort of algorithm to determine which
> > pixels you would hit for the data and possibly randomize the rest.
> > Provided that the algorithm to retrieve this data is suitably
> > obfuscated, are there any significant risks to such a plan (other than
> > performance)? Also, how big would the bitmap need to be to effectively
> > hide the information?
> >
> > Thanks,
> > Will Gant
- Next message: Keith Patrick: "Re: .NET and buffer overruns"
- Previous message: Shel Blauman [MSFT]: "Re: System.Security.Principal.WindowsImpersonation"
- In reply to: David Cross [MS]: "Re: Steganography as a means of data protection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
