[guardian-dev] Pixelknot: a new app
harlo at guardianproject.info
Thu Feb 28 09:18:17 EST 2013
Nice hat! Will get on this...
On Feb 28, 2013 9:16 AM, "Abel Luck" <abel at guardianproject.info> wrote:
> *puts on his crypto enthusiast hat*
> It appears  you are using standard AES-CBC to encrypt the message
> contents before the stego process. AES-CBC is an unauthenticated form of
> encryption. I don't see any code doing additional MACing of the
> ciphertext, so Pixel Knot is vulnerable to active attackers flipping
> bits as the messages travel on the wire.
> I recommend switching to an authenticated encryption cipher mode,
> namely, GCM.
> If you're interested in Authenticated Encryption, Mathew Green's blog
> post on this is super .
> Mark Belinsky:
> > Hey Guardians,
> > This hacker union *needs your help*! The team has been working on an app
> > experiment called Pixelknot. The idea is to create a steganography app on
> > Android.
> > Before we go public with it, we'd love feedback from the trusted devs and
> > users on this list. Whether it's about the graphics, user experience,
> > security or just finding bugs, we need some smart minds on this. Right
> > there are a lot of stego apps out there but we thought we might be able
> > do a better job. Hopefully we can.
> > Our goal is to make a stego app that:
> > 1. Has the original image appear, to the trained human eye,
> > 2. Has the bytes of the image appear, to a trained analyst,
> *undistorted* so
> > much so as to arouse suspicion.
> > 3. Has the complete message be *recoverable* no matter how it is
> > transmitted.
> > The good news is that we're well on our way to achieving this.
> > You can *download **latest APK* straight to your Android phone here -
> > - https://bit.ly/pkfeb4
> > Or via qr code:
> > [image: Inline image 1]
> > Here's the code if you want to dig into it:
> > - https://github.com/guardianproject/PixelKnot
> > - https://github.com/harlo/F5Android port of the F5-steganography
> > library to android
> > Thanks so much! It's always exciting to launch a new experiment and we're
> > happy to have you all along for the ride. Have a great weekend,
> > All the Best,
> > Mark
> > P.S. We know there are some bugs with the camera on the Galaxy S3 so
> > to those users. For everyone else, please get the app here
> > https://bit.ly/pkfeb4
> > P.P.S Thanks for keeping this quiet and not spreading it around on the
> > social medias... for now.
> > --*
> > @mbelinsky <https://twitter.com/mbelinsky> | guardianproject.info |
> > +1-347-466-9327 | ostel: 1003 **| pgp:
> > 0xEFBFA7278D8EFFDA<
> > *
> > _______________________________________________
> > Guardian-dev mailing list
> > Post: Guardian-dev at lists.mayfirst.org
> > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> > To Unsubscribe
> > Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> > Or visit:
> > You are subscribed as: abel at guardianproject.info
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Guardian-dev