[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers] savannah.gnu.org: submission of Spleen
|
From: |
loic |
|
Subject: |
Re: [Savannah-hackers] savannah.gnu.org: submission of Spleen |
|
Date: |
Sat, 9 Jun 2001 18:45:43 +0200 |
Approved.
address@hidden writes:
>
> A package was submitted to savannah.gnu.org.
> This mail was sent to address@hidden, address@hidden
>
>
> RANNAUD Eric <address@hidden> described the package as follows:
> License: gpl
> Other License:
> Package: Spleen
> System name: spleen
> This package does NOT want to apply for inclusion in the GNU project
>
> My project, called SPLEEN, is, in a nutshell, a software which is able to
> put information into pictures.
> More exactly, it modifies pixels\' RGB channels, in such a way that, sending
> the file to another one, he will be able to pick up the content.
> The more interesting features are discretion and secrecy. Indeed, in order
> to extract the information, you need the original picture. SPLEEN compares
> the modified picture to the original one to find information.
> The picture files produced are completely standard files, it is completely
> impossible (or at least far from easy) to guess that this particular picture
> is SPLEEN-made.
> In fact, SPLEEN modifies the picture, but it is not visible to the naked
> eye. To a maximum, it modifies one of the RGB channel by less than 2.0 % and
> considering the three channels: less than 7.5E-4 %. And if you want to use a
> program to detect it, there is no reason for a picture to be a bit more
> (e.g.) darker. If you have not the original picture, and if this one is
> complex (like a photograph), I cannot see how you would be able to identify
> it.
> So, it\'s just a standard picture file travelling over the internet.
> Moreover, without the original picture, in the same way you were not able to
> guess that the picture has been modified, you cannot extract content. I see
> no way of infering the original picture using the modified one.
> In a word, the original picture plays the same role than a crypto-key in a
> symmetric algorithm.
> Since SPLEEN may not be considered as a cryptographic software, it may not
> be exposed to the law in the USA restricting exportation. Anyway, I leave in
> France, where these rules don\'t apply.
> For a higher security level, you can use both GnuPG and SPLEEN.
> For now, I have already made the most part of the program. But, it has been
> initially made with OCaml, which is a good language but not broadly
> diffused. So, in order to make SPLEEN more easy to compile and use, I am
> rewritting it in C and Gtk+ concerning the GUI. I have not already released
> sources, because it is hard to compile on another machine than mine. The C
> version will doubtless resolve that.
> It is possible to include binary files, since all is coded with Base64
> before being included (support of exotic alphabets may be added quite
> easily).
> Considering use of both Base64 and zlib, you may be able to include about
> the same amount of data that the size of the picture file (depending on the
> ability to compress the data).
> The GUI allows user to add or remove items just as with an
> email-reader-agent when you attach files. It is also possible to edit
> text-items like email-messages.
> I will probably add a GUI-less version, which could be usefull for some
> purpose.
>
> If you need any other information, be sure you can contact me.
>
>
--
Loic Dachary http://www.dachary.org/ address@hidden
24 av Secretan http://www.senga.org/ address@hidden
75019 Paris Tel: 33 1 42 45 09 16 address@hidden
GPG Public Key: http://www.dachary.org/loic/gpg.txt