Quote from: pine on May 07, 2012, 04:41 amEach time I reply to this, something goes wrong -.-Ok, here's what I was saying in short.1. security through obscurity means *not* using an obscure channel or obscure piece of media for example, putting a steg encoded picture of a lolcat onto a popular image sharing website. Because the lolcat captions continually change there is no real benchmark against which to compare a steg encoded version, which makes life a lot tougher in terms of finding pictures which may have been steg altered (I expect there are non-invasive encoding techniques, but haven't looked into it).2. using a public channel is not a small part of this, but a very important decision. If you use Tor to upload an image onto a Tor hosting service, congrats, since you fell into the techie profile, that image is more likely to be scanned by an adversary for steg encoding. Similarly, if you have a steg encoded attachment in your Tormail account and LE is looking at it...On the other hand, if your steg encoded item is in massive circulation, then there's potentially millions of people who have a copy of the item and this is most ideal. I want for example, to have the FBI explain to the judge that having a picture of longcat on your computer's HD is a serious sign of potential criminal activity (pokerface).3. Use steg *and* encryption. Remember the appealing metaphor of strands of rope apart or twisted together? Yup.4. For PGP to be a standard method of encrypting data is fine. It's encryption. But for steneography, the encoding schema used would be an important clue, so it's best not to use any specific scheme recommended on a public forum.I've always viewed digital steganography with skepticism as although there are tools which allow you to hide data within another file in a non obvious manner, anyone with the same tool can then view that information.It also seems to be possible to place encrypted data inside the lower bits of certain files but an analysis of the same would reveal the encrypted data thereby rather defeating the point of Steganography!As Pine says this would be an excellent layer of security to employ in addition to encryption but if for example an image is used, it might be best to make it one of a series e.g a selection of holiday snaps rather than a single image of a lolcat.Physical methods of Steganography can also be an ideal way of concealing longer passwords to encrypted files e.g using every third letter/digit in a shopping list but once again this should compliment the existing methods you have to protect your data, not replace them.V.