Steganographic storage of encrypted files in images.

What I find truly fascinating is that there is no way to tell if an image contains steganographically hidden encrypted data. Even if you know every line of the source code of the program that you suspect may have been used to hide the data, you still have nothing to help you prove anything.
If the least significant bits in the RGB-values contains encrypted data they should appear to be random. But the least significant bits in an ordinary image on the other hand, could be expected to be less random and show a bit more regional uniformity.

Store in pixel
But randomness in the least significant bits does not constitute proof that there are encrypted data hidden. The randomness of the RGB-values could originate from natural minute color shade variations in the surface of the physical object being photographed or be the result of an image editor filter.

I’ve been working on an encryption program in C# for a couple of days. It encrypts files and hides the encrypted data steganographically inside images.

The portrait above actually does contain data that can be extracted and be visually interpreted in an unexpected way. Hidden in the above images is another image. The image you see below:


I think that maybe it’s wrong to say that the initial image contains hidden data. There are no hidden data. All data in the initial image is visually represented on the screen. The question is how you interpret the data.

To make things more interesting I can reveal that the above bluish image also contains something that you might not expect.

Encoded in the pixels is a text file with the 81 verses of the ancient Tao Te Ching by Lao Tzu.

The Tao that can be trodden is not the enduring and
unchanging Tao. The name that can be named is not the enduring and
unchanging name.

(Conceived of as) having no name, it is the Originator of heaven
and earth; (conceived of as) having a name, it is the Mother of all

Always without desire we must be found,
If its deep mystery we would sound;
But if desire always within us be,
Its outer fringe is all that we shall see.

Under these two aspects, it is really the same; but as development
takes place, it receives the different names. Together we call them
the Mystery. Where the Mystery is the deepest is the gate of all that
is subtle and wonderful.

Above you see only the first verse. The bluish image contains all 81 verses!





Use Game of Life to Generate 256 bit Hash

One of the most fascinating aspects of Game of Life is that it illustrates so well how a completely deterministic process can be so unpredictable. Use a fixed starting pattern and run. Watch the result. Use the same starting pattern but change a single cell somewhere. The new result can be as different from the old as night and day.

Absolute determinism plus unpredictability are precisely the two things you look for in a hash algorithm. When you store passwords on a server you don’t store the passwords themselves but their hashes, calculated using some hash algorithm like for example MD5, SHA-256 or Whirlpool.

A user authenticating himself on the server inputs his password and the server hashes the password to see if the hash corresponds to the hash stored on the server.

For a hacker getting hold of the stored hashes, or for the system administrator, there is no way to run the hash algorithms backwards to retrieve the real passwords. The only way to break a hash is to systematically hash every possible password (out of zillions) and see if the hash matches.

I made this Javascript application to illustrate the idea of using Game of Life to generate hash values. The application is not using Conways standard B3/S23-rules but instead B23/S23-rules.

Try to hash different words or sentences differing only by a single letter adjacent in the alphabet and watch how the hash value changes. You can also try to hash some text but before you click on the ”Run 200 steps” click somewhere on the gird with the mouse pointer to change a single bit.