Is it safe to initialize a random number generator with MD5 for pixel selection in image steganography?

Begoña Garcia

10/21/23, 5:21 AM

This question is related to "Is it safe to initialize a random number generator with MD5?".

But in the context of steganography we don't know which pixels have been selected to hide information. In addition, the content could be encrypted, so we do not know if the hidden information that we extract (with a guessed password) is the message or noise.

In this scenario, is it safe to initialize a PRNG with the MD5 hash of a password? and what interests me the most: if it is not, how can it be exploited?

1 + 3

steganography

fgrieu

10/21/23, 6:09 AM

Without specification of the steganography system, it's impossible to tell how much time it would take to test if a password is valid. I thus see no way to rationally answer the question, other than by: the system would be safer with proper key stretching in the password-to-PRNG-seed derivation.

Begoña Garcia

10/21/23, 7:32 AM

@fgrieu I have edited the question. what I would like to know is how to carry out an attack if I don't know if the result of the password that I try in each case is correct, since I don't know if what I have extracted is an encrypted message or noise. Or put another way, I don't know if the correct pixels of the image are being selected.

fgrieu

10/21/23, 9:24 AM

Without specification of the steganography system, I don't see what to add to the second part of my [earlier answer](https://crypto.stackexchange.com/a/102329/555), which does cover how to attack a generic (CS)PRNG-seeded-by-fast-hash-of-password system.

Score:1

Crypto

Meir Maor

10/21/23, 11:38 AM

Is it safe to use MD5 as a redundant step in an otherwise secure setup? yes.

Is using MD5 to garble a low entropy password safe? No, because one would iterate through the passwords and check if the selected pixel seem to be modified, and identify the correct password.

In fact if you use the same password for pixel selection and encryption, It may be possible to break an otherwise strong encryption.

One can use image processing techbiques to asses how likely a specific pixel is to have been modified, and compare different possible collectiona of pixels. Not sufficient if we have too many possible options but with a reasonable dictionary probably solveable.

If you have a strong independent encryption and the modification to the image is not detectable at all, and the original password ia very high entropy, you don't need MD5 at all in the first step.

What is the purpose of MD5 in your scheme? It doesn't seem to add anything.

+ 1

Begoña Garcia

10/21/23, 12:25 PM

This is not my scheme, it is an old software that I am analyzing. Thanks for your answer.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is it safe to initialize a random number generator with MD5 for pixel selection in image steganography?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.