Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Sep 2011 09:58:28 +0200
From: magnum <>
Subject: Re: Steganography Passphrase Cracking

On 2011-09-19 09:01, firstname lastname wrote:
> For instance, MP3Stego tool by Fabien Petitcolas can be used to hide
> text files inside an MP3 file. You can protect your hidden data using
> a passphrase.
> While decoding, we need to supply the passphrase to extract the
> hidden data from the mp3:
> decode.exe -X -P<pass>  sample.mp3
> I did some research on how to extract the hash from this mp3 file and
> didn't make much progress. It uses 3DES to encrypt the hidden data
> and SHA-1 to generate pseudo random bits.

What happens if you supply the wrong password to decode.exe? Does it 
recognise it was wrong, or does it extract garbage data? If it's the 
latter, we may have no way to detect a correct guess unless there's 
known plaintext (eg. file magic) in the hidden data.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.