Attacking encrypted bitmaps

Just because your photos are encrypted, it doesn’t seem that you can count on them to be totally unreadable to someone without the key. The attack only seems to work against bitmap images, so those secret JPGs, PNGs, and GIFs should be safe for now. This is because most types of files contain significantly more entropy than bitmaps. That is to say, there is a lot more redundant information in a BMP file than there is in something compressed. Even in the case of the vulnerable images, the technique can only produce “the outline of a high-contrast image.”

Once again, it proves the statement that ‘you can’t hide secrets from the future with math.’ Cryptographic attacks – and the resources available to attackers – will only keep increasing over time.

Author: Milan

In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford. Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.

3 thoughts on “Attacking encrypted bitmaps”

  1. Those rich in home-made porn and poor in compressed image file formats shall surely suffer most.

  2. Encrypting a bitmap is a bit like encrypting this kind of text:

    “The password is coconut. The password is coconut. The password is coconut. The password is coconut. The password is coconut. The password is coconut. The password is coconut. The password is coconut. My name is Jim. My name is Jim. My name is Jim. My name is Jim. My name is Jim. The password is coconut. The password is coconut.The password is coconut. The password is coconut.”

    The repetitiveness makes it likely that any weaknesses in the encryption system will be more easily discovered.

  3. “New Attack” Against Encrypted Images
    By Bruce Schneier

    In a blatant attempt to get some PR:

    In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC Ciphers, explains how it is possible to compare an encrypted backup image file made with almost any commercial encryption program or algorithm to an original that has subsequently changed so that small but telling quantities of data ‘leaks’.

    Here’s the paper. Turns out that if you use a block cipher in Electronic Codebook Mode, identical plaintexts encrypt to identical ciphertexts.

    Yeah, we already knew that.

    And -1 point for a security company requiring the use of Javascript, and not failing gracefully for a browser that doesn’t have it enabled.

    And — ahem — what is it with that photograph in the paper? Couldn’t the researchers have found something a little less adolescent?

Leave a Reply

Your email address will not be published. Required fields are marked *