[tor-dev] Steganography Browser Addon (Google Summer of Code)

Hareesan rharishan at gmail.com
Wed Jun 5 12:51:20 UTC 2013


Hi
Moritz Bartl,

It sounds cool to provide context menus rather than only stick with manual
upload. So I feel the extension will come up with both options to use
context menus as well as upload contents manually. Initially I'm working on
the context menus to encrypt messages. I will get back to you with the
initial UI parts first.

Sorry about the less descriptive steps in "How
Alice's side works" and "How Bob's side works" part. I will try to draw a
proper one later in the progress.



On Tue, Jun 4, 2013 at 9:53 PM,
Moritz Bartl <moritz at torservers.net> wrote:

> Hi Hareesan,
>
> Thank you for taking this on!
>
> The crucial parts are the interfaces to the steganography plugins, and
> how they signal what kind of data they can process (html, image, video,
> ...). I don't think it will scale if we just dump all data into all
> plugins for processing. (see comment below)
>
> For the user interface, apart from the ability to select local files as
> carrier, I think it would be neat to be able to select content from
> websites (like: right click on image, select "embed secret"). Payload is
> either textual (entered via form), or binary (file selection).
>
> To encrypt the payload before embedding, a private/public key scheme was
> proposed. I prefer ECC over RSA. You mention SJCL, which has an ECC branch.
>
> > Once Bob open a web site with web contents which he wants to check if
> > it contains any messages steganographically hidden, he will click on
> > the extension icon Figure 5. All the items in the page will be
> > displayed in the extension with decrypt option.
>
> We discussed earlier that the extension, together with its steganography
> addons, should have the capability to automatically find matching
> payload while browsing. Depending on the algorithms, this may or may not
> be feasable, so users may want to disable this for certain types of
> content, algorithms (plugins), or only enable scanning for specific
> sites. (which you outline in Figure 6)
>
> Personally, for the manual scan/decrypt, I'd like to see an option in
> the context menu when I right-click an image or other content.
>
> I was not able to completely follow the steps you describe in "How
> Alice's side works" and "How Bob's side works". The charts look neat,
> but are not ideal to describe the process.
>
> The situation of usable javascript steganography libraries does not look
> too good. For the GSoC project, we should not waste too much time on
> this, and focus on the surrounding extension and clean interfaces to
> potential libraries. If we have time left, we can investigate what kind
> of algorithms we would like to see implemented/ported in Javascript.
>
> --
> Moritz Bartl
> https://www.torservers.net/
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>



-- 
Hareesan

It's more fun to be a pirate than join the Navy.
-Steve Jobs-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130605/c39c3fe9/attachment.html>


More information about the tor-dev mailing list