- #36
sysprog
- 2,617
- 1,796
USPS small package service is a 'species' of first-class mail ##--##Vanadium 50 said:
from https://www.usps.com/ship/mail-shipping-services.htm:
First-Class Mail® is an affordable mail service for standard-sized, single-piece envelopes weighing up to 3.5 oz and large envelopes and small packages weighing up to 13 oz with delivery in 3 business days or less.
(emphasis added)
The method is not steganography; it's simply XOR masking -- if a .jpg file is used as the mask, it's sent without alteration. The .exe file is XORed against the mask file (of the same or greater length), and the resulting data file is sent along with the mask. Then at the receiving end, the data file is XORed against the mask file, and the result is the .exe file.
The method is the same as that used for a one-time pad cipher, except that it sends the mask file with the data file instead of by separate transmission, the mask doesn't have to be random, and it can be used more than once ##-## the goal here isn't imperviousness to cryptanalysis; it's getting past a filter by eliminating the characteristic patterns that the filter searches for.
For real one-time pad security, you could use two DVDs filled with identical random data, send one to your correspondent, and then send XOR-masked data files, each with an offset number for how far into the DVD was up next for use as a mask. Then a script could copy bytes from the DVD, beginning at the current offset, and running the length of the data file. The new offset for the next file to be sent, in either direction, would be the offset just used plus the length of the data file just sent. With a standard 4.6GB DVD, that would allow for 460 program or other files of 10MB length each, or a lot of smaller files.
Last edited: