Distinguishing Encrypted Data From Random Data?

gust5av writes "I'm working on a little script to provide very simple and easy to use steganography. I'm using bash together with cryptsetup (without LUKS), and the plausible deniability lies in writing to different parts of a container file. On decryption you specify the offset of the hidden data. Together with a dynamically expanding filesystem, this makes it possible to have an arbitrary number of hidden volumes in a file. It is implausible to reveal the encrypted data without the password, but is it possible to prove there is encrypted data where you claim there's not? If I give someone one file containing random data and another containing data encrypted with AES, will he be able to tell which is which?"

Re:iieorjoeghoiuhtr

[Anonymous Coward]

Trick question! It is random text that's been encrypted!

Re:Lifting the Lid on the Guilty Yid

[ian(at)union.io]

Let me guess... Random!.. No, wait, too obvious. Encrypted!

Re:iieorjoeghoiuhtr

[bennomatic]

Nice. "All your base are belong". You purposely left off the last two words to give a smaller sample to review and potentially recognize patterns.

Re:Well

[bennomatic]

Weird. I guess I there's a bug in my ROT13 implementation. If I run my text through twice, I just get the original message.

Re:It's all about entropy

[biryokumaru]

From now on, whenever I go on a flight I'm bringing several DVDs of random data.

Re:Well

[SeanTobin]

Weird. I guess I there's a bug in my ROT13 implementation. If I run my text through twice, I just get the original message.

Just do what they did with DES... use 3rot13 and you're much more secure than the original implementation.

Sure, you have to use...

[Anonymous Coward]

Math.

Be sure to use some math and it'll all be good

Re:Ignore the person holding the phone book.

[Suki I]

I see a market in in automated phone book whacking gadgets! Look for them soon on ThinkGeek.

Re:Ignore the person holding the phone book.

[sjames]

They will need to give it a significant civilian use, so it should come with an attachment that lets you beat the marketing department and PHBs to death with a paper towel roller.

Re:iieorjoeghoiuhtr

[Volante3192]

Looks Welsh...

NSA? Bah.

[denzacar]

I don't work for any 3-letter agency and even I could easily get the information needed.
With the right tools. [xkcd.com]

Re:Ignore the person holding the phone book.

[M. Baranczak]

they aren't going to drug / beat every single person coming onto an airplane

If you fly US Airways, there's a $25 service charge if you want to get beaten and drugged before boarding. I remember when that shit used to be included in the base ticket price.

Re:Ignore the person holding the phone book.

[Jeremi]

If your jpgs look like everybody elses jpgs both visually and under close analytical scrutiny they aren't going to bother you.

I've developed a fascinating algorithm for encoding hidden data by slightly modulating breast sizes, but this comment is too small to contain it.

Re:It's all about entropy

[AK Marc]

When they discover you aren't a scientist, live in your mothers basement, and have never held a job, they'll arrest you for obstruction of justice.

Re:One more level...

[lgw]

But a good defense attorney would apply the same principle to show that the prosecution's legal submissions were really steganography hiding insults to the judge's mother.

Re:No, you ALL miss the point.

[pipedwho]

You tell them you just visited your cousin Jim, who had an old hard drive he didn't want anymore, and you needed a spare so he gave it to you, but not before he ran "dd if=/dev/urandom of=/dev/sda1" because he didn't want you having his old tax documents. All you've done with it since is install the OS...

...and a copy of Truecrypt into Program Files.

Re:iieorjoeghoiuhtr

[Mitchell314]

Dammit, I finally get cthulu back to sleep and some jackass wakes him up again.

Re:It's all about entropy

[Menkhaf]

Better yet: Make it compressed headerless video. Claim you're recording Uranus.