oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 11:56:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Steghide basic info

Browse source
This commit is contained in:
Zesc 2024-09-08 21:14:28 +02:00
parent 7c2e4e6b0f
commit 2b6d14c354
5 changed files with 28 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

4
opsec/steganography/index.html
View file

@ -69,8 +69,8 @@
<p>That means that whilst complementary to cryptography, steganography on itself is less secure than the mathematically provable security provided by cryptography. Think of it as tucking away your valuables in secret location versus putting them into a sturdy safe. The safe may draw immediate attention by burglars, but provides reliable resistance to attacks, whilst whether they find your hidden stash is up to chance.</p>
<h2><b>The why use steganography at all?</b></h2>
<p>In military science, there is the concept of the <i>Integrated Survivability Onion</i> &mdash; in short, it describes the idea that they can't kill you if they don't hit you, that they can't hit you if they don't shot at you and that they can't shot at you if they don't see you. The same thing applies to every good digital defense-in-depth approach. Using steganography can't harm you, <b>it just shouldn't be all your rely on</b>. In our example, a hidden safe is better than either option on its own.</p>
<h2><b>Then why use steganography at all?</b></h2>
<p>In military science, there is the concept of the <i>Integrated Survivability Onion</i> &mdash; in short, it describes the idea that they can't kill you if they don't hit you, that they can't hit you if they don't shoot at you and that they can't shoot at you if they don't see you. The same thing applies to every good digital defense-in-depth approach. Using steganography can't harm you, <b>it just shouldn't be all your rely on</b>. In our example, a hidden safe is better than either option on its own.</p>
<p>The main strength of it is that <b>steganography can conceal metadata</b> to some extent. Metadata (i.e. data about data and communications) is the primary way that state actors identify targets. When you can become guilty by association, <b>your primary concern may be communicating in public without anyone noticing</b> and not the confidentiality of your communications. (In fact, since many cryptographic schemes attest the identity of the sender, e.g. signatures, you should avoid those when looking for <u>plausible</u> deniability in case of compromise.)</p>