- From: Daniel Hardman <daniel.hardman@evernym.com>
- Date: Mon, 27 Jul 2020 13:55:23 -0600
- To: Heather Vescent <heathervescent@gmail.com>
- Cc: Orie Steele <orie@transmute.industries>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAFBYrUqXtfkUkz8XD=4C5-J=wr7oK5JHwCtUGZSwSYUAUOc7UA@mail.gmail.com>
A challenge with encoding info in images is that they are lossy. One of the reasons why Facebook rewrites all uploaded graphics is to precisely to eliminate steganography... On Mon, Jul 27, 2020 at 1:46 PM Heather Vescent <heathervescent@gmail.com> wrote: > A++ use of digital steganography. (I recently did a deep dive research > into steg = digital steg for espionage uses.) In addition to being used for > malware bot commands, the baddies use it to transmit trade secrets. > > LOVE IT Orie! > > On Mon, Jul 27, 2020 at 10:44 AM Orie Steele <orie@transmute.industries> > wrote: > >> On the weekends, I get to work on whatever I want :) >> >> Inspired by the new `did:twit` method, recently registered here: >> https://github.com/w3c/did-spec-registries/pull/90 >> >> I created `did:meme` (not registered yet...) >> >> >> https://didme.me/did:meme:1zgswzdje885tzr8408m37sjmaa0sthw265ty6hmwzmau48kd809zzrgra4w5w >> https://github.com/OR13/didme.me >> >> Obviously this is kind of a joke... However, I think there may be some >> interesting technical firsts here, and if they are not firsts, I'm sure >> readers of this mailing list will be able to correct me. >> >> 1. First use of bech32 to encode a did identifier >> >> In order to make the DIDs look different from IPID / IPLD / IPFS / >> IPNS... I transformed them using bech32. >> >> 2. First use of a covert channel for a verifiable data registry. >> >> The image (meme) contains the multi codec representation of the public >> key (same as is used by did:key)... >> >> This means that the did document is recovered from data stored in an >> image. (not encrypted!)... this technique is called >> https://en.wikipedia.org/wiki/Steganography >> >> It is useful when you need to exchange messages without it being obvious >> that you are doing so, for example: >> https://twitter.com/didtwitt3r/status/1285446654112350209 >> >> Sadly this technique is often abused by the baddies, to hide botnet >> command and control traffic on public platforms... >> >> However, I would not consider steganography to be inherently good or >> evil... it's just another way of encoding (not encrypting). >> >> Finally, the data goes on the public IPFS network... so thanks to >> https://infura.io/ for making it possible to make this demo on a public >> github pages backed website. >> >> Regards, >> >> OS >> >> -- >> *ORIE STEELE* >> Chief Technical Officer >> www.transmute.industries >> >> <https://www.transmute.industries> >> > > > -- > Heather Vescent <http://www.heathervescent.com/> > Co-Chair, Credentials Community Group @W3C > <https://www.w3.org/community/credentials/> > President, The Purple Tornado, Inc <https://thepurpletornado.com/> > Author, The Secret of Spies (Available Oct 2020) > Author, A Comprehensive Guide to Self Sovereign Identity > <https://ssiscoop.com/> > Author, The Cyber Attack Survival Manual <http://amzn.to/2i2Jz5K> > > @heathervescent <https://twitter.com/heathervescent> | Film Futures > <https://vimeo.com/heathervescent> | Medium > <https://medium.com/@heathervescent/> | LinkedIn > <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates > <https://app.convertkit.com/landing_pages/325779/> >
Received on Monday, 27 July 2020 19:55:48 UTC