Take a
quick peek at the pretty thorough
steganography node to get
up to speed on what steganography is about. Steganographic data need not be
encrypted in most cases as people simply don't realise that it's there. This leads me to
the matter in hand... How can (
secret) information be hidden within
E2? I have come up with a few possibilities, and detailed them below in no meaningful order:
The Image Method:
If you have a high enough position in the
E2 Caste System you are allowed to place an image on your
homenode. Currently you must be a Level 6 (
crafter) to do this. Image files are an
easy target for information hiding as a
350x350 pixel image contains the same amount of data as a pretty
hefty page of text. Steganographic techniques usually have a problem with hiding
large amounts of information within a small file; in the case of images, hidden information shows up as
noise.
Recommendations:
If you're using a GIF image, use a black and white one. This will make the noise less noticeable.
The bigger your image, the less dense the noise will be.
Pros:
Can hold a fair chunk of information
Not necessarily easy to detect - always requires special software.
Cons:
Requires Level 6 or higher
All E2 homenode images are stored in the same directory (http://www.everything2.com/images/userincoming/). An attacker could easily download all the image files there and check them quite quickly.
You only have one image, so your information hiding capacity is limited.
The Attribute Method:
E2 supports attributes for some
HTML tags. This is how you right align a paragraph:
<p align="right">this is on the right </p>
This is how you can use the "align" tag attribute to hide information:
<p align="this_could_be_a_PGP_encrypted_message_with_its_headers_stripped"> Innocent looking text </p>
(note the need for underscores... spaces will not work)
This can also be done using the clear attribute of the BR tag if you prefer to use BR's instead of P's.
Recommendations:
Encrypt your text if you feel the need; Stealth (see the links at the bottom) will help you with this
Don't put tons of information in one writeup, spread it around
Don't put the information in a popular node (duh)
Pros:
Plenty of storage capacity... limited only by the number of WU's you can manage not to get nuked.
Easy to carry out - requires no software other than (optional) crypto software.
There's so much E2 and so little time - how the hell is the attacker going to find your writeup in all that lot?
Cons:
Easy to detect
Easy to extract the information unless crypto techiniques are used
The Whitespace Method:
It is possible to use steganographic software to encode a hidden message into the
whitespace at the end of lines of text. This poses some problems, as HTML formatted pages usually have text which wraps at the end of the line, so
enforcing your own line breaks may seem a little unusual. Luckily there's a way out: add the whitespace to the HTML
source rather than the text which is visible in the browser
To demonstrate, view the source of this page and search it for "mnbvcxz". Now look at the following lines.
This has whitespace added in the visible portion
and while the browser won't render it
it'll still be there in the source.
A better way is to do it is like this, with ordinary text formatting and extra whitespace sitting at the end of lines of HTML. That way you can format your writeup however you like and the whitespace doesn't stand out in the source quite as badly. On the downside, you won't be able to encode as much data.
A cgi script is available to add encrypted text to HTML using the whitespace method (see the links section below)
Recommendations:
Don't put tons of information in one writeup, spread it around
Don't put the information in a popular node (duh)
Use the web based tool to carry out whitespace encryption
Pros:
Fairly difficult to detect
Fairly difficult to extract the data.
There's so much E2 and so little time - how the hell is the attacker going to find your writeup in all that lot?
No steganography software required other than the CGI script
Cons:
Low capacity - a typical writeup will hold only a few bytes of text
Useful Links:
Steganography software links available here:
http://www.cl.cam.ac.uk/~fapp2/steganography/stego_soft.html
Stealth (strips headers from PGP data) is here:
http://cypherspace.org/~adam/stealth/
Snow (encodes data into the whitespace of text) is here:
http://www.darkside.com.au/snow/
Web-based Snow is here:
http://web.ece.villanova.edu:8080/~perry/snow/snow.html
Disclaimer: If you think it would be a great idea to hide vast amounts of information within the E2 database, you are wrong. Simple as that. You are increasing load needlessly.