Hidden in plain view

There is a principle, famously exploited by Edgar Allen Poe, that the best place to hide something is in plain view – just make it appear that it is something else. There are many possible applications of this. For instance, suppose you have problems remembering a computer password. If you leave a piece of paper on your desk saying: “Password: Swordfish”, that would not be very secure. But if you had a scrap of paper with “Remember to buy milk” on it, would people guess that your password was “tobuymilk”?

One application that fascinates me is steganography, by which you can hide messages inside computer graphics. Not in the image as a visual component, but by hiding the message in amongst the data that makes up the jpg file. A few sentences mixed in with all the gobbledigook will not make any detectable change to the image.

In this way it would be easy for some villainous person to communicate with his henchmen even if security forces were eavesdropping on his emails and phone line. All he would need to do was this: first take some innocent photo, let’s say of bunny rabbits. Now – the message is “We strike next Tuesday week!” Using basic steganography software, insert this text into the jpg code. Next, go into an internet cafe and post the image onto one of the various internet public image gallery sites; preferably one where many people post to the same image stream. Your henchmen know which site to watch (arranged in advance), and they know to look for a picture of rabbits. Once they see it, they download it and extract the message. Since no-one can monitor every image posted on the internet, it would be impossible to intercept communications sent in this way.

I remember many years ago reading a novel that hinged on a supposedly unbreakable cipher. With many ciphers, coding and decoding depends on a simple-to-remember key – for the sake of argument, the word “capstone”. To start the cipher, you need to re-arrange the alphabet so that it starts with your key, like this:

CAPSTONEBDFGHIJKLMPQRUVWXYZ

This is then used to create the cipher. According to the novel (which predated computer cryptography) the wekaness of such ciphers tends to be that you have large chunks in the processed key that are still alphabetical – in the example above, FGHIJKLM and UVWXYZ. The plot spring was the idea that if you based the cipher on a completely randomised alphabet, this weakness would be eliminated and the cipher would be unbreakable. The problem is that a completely random re-arrangement of the alphabet would be impossible for a field agent to remember. He would have to write it down, and if he were captured, the existence of a slip of paper with the sequence would give the game away.

How to hide the sequence? The answer, of course, is to make it look like something else. You make the sequence this one:

QWERTYUIOPASDFGHJKLZXCVBNM

And now, if the agent is captured and found to have a portable typewriter (in those days) it would not incite much suspicion. Quite out of date now, but a nice example of hiding something in plain view.

You must be logged in to post a comment.