OpenBSD Journal

Steganography on OpenBSD?

Contributed by jose on from the hidden-messages dept.

anonymous writes: "FreeBSD has utilities for steganography:

Does this exist for OpenBSD also? Would be nice to have."

I recall there being some stego tools in the ports tree, and various others working just fine. Anyone care to comment?

(Comments are closed)

  1. By EN () on

    cd /usr/ports
    make search key=stegano


  2. By Anonymous Coward () on

    securiy by obscurity doesn't work :)

    1. By Anonymous Coward () on

      No, but obscurity can be a nice addition.
      Hiding an encrypted file in an image is an additional protection than just sending the encrypted file.

      1. By Anonymous Coward () on

        yeah, as hiding the sources of a program is."a nice addition"

        1. By erik () on

          Remember those who are not allowed to have encryption?

        2. By sigh () on

          With that attitude, I hope you run telnet instead of ssh. I mean, hiding your password isn't better security right?

    2. By Anonymous Coward () on

      I wish this buzz phrase had caught on as "Security by obscurity _ALONE_ doesn't work".

      Obscurity is worthwhile when it is combined with other means. Every little bit helps.

    3. By Anonymous Coward () on

      There's this thing called "plausible deniability".

    4. By ArmsDealer () on

      securiy by obscurity doesn't work :) haha but you ad a 1024bit encryption with that and you have one hell of a mix also you send a 56bit encryption with fake msg and they instead of looking under the picture they take the fake encrypted MSG haha I only use DOD after a perl program I have made. So haha and it cant be broken by normal a = i and b = s becaus i might go a = h and later h = aazz then z =8v8 by the end it = aa8v88v8

    5. By Anonymous Coward () on

      Actually, security by obscurity is preferrable to what you probably think of as "true" security in many cases.

      In some instances, keeping communication completely hidden is actually more important than protecting the contents of the messages.

  3. By Rick Wash () on

    The tools that were mentioned in that article were actually developed on OpenBSD by a (former) OpenBSD developer Niels Provos. They are very useful utils, and are availabe in the ports tree under security.

    1. By nuintari () on

      I could be wrong, but I believe he developed those tools to prove that the concept is inherently flawed.

      As someone said, security through obscurity is no security at all. and as I say, security through obscurity provides a false sense of security.

    2. By Anonymous Coward () on

      hrmm why is Niels Provos former openbsd developer? any reasons for leaving? what is he doing now? i know its off the topic, i'm just curious

      1. By Anonymous Coward () on

        because Theo, while a gifted man, has quite a temper problem....

        1. By Anonymous Coward () on

          and ip's are logged..... and my foot is in my mouth, meh, don't really care.

            1. By nuintari () on

              posted non-anon from same ip just a few up in the threads. ;-)

  4. By Anonymous Coward () on

    Does this mean I can draw a Stegosaurus?

    Wow, OpenBSD has the coolest tools.

  5. By Anonymous Coward () on

    Let's get all kinds of wonderful, obscure useless things like stego going before we have even a basic, well-integrated functional encrypted filesystem. "Oh, I would like a phone that can have custom ring tones, flashing lights, a built-in flashlight and FM radio... oh, I don't care if I can make phone calls on it or not."

    1. By Anonymous Coward () on

      I believe the stego tools are made by third parties for all unixes (not just OpenBSD), it wasn't the OpenBSD developers that created it, so it didn't take away time from other development.

      I agree with you about encrypted filesystems though, OpenBSD isn't even an option for my security needs, and that's a big reason why.

  6. By Anonymous Hero () on

    One neat kernel patch for Linux is StegFS. There's no patch for Linux 2.4 and there won't be one from the developers They'll be working on 2.6 though and it's available fo
    What is does is *duh* it hides data and together with that it has crypto support for data. So it's more than CFS.


    I take it you can imagine its usefullness.

    Then there's also another use for steganography, much like signing something with GPG: watermarking. When you've made something artistic for example and put that online, with copyright, you can later use stegography to authenticate you as original artist of the work. Such can be extremely useful in professional layers of artistic environment. OutGuess is one of the many tools. More can be found via Fresshmeat and Google.

    Here's a few links to some additional software:


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]