New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When using '-k image.jpeg' the image's 'Date Accessed' attribute should NOT be modified [feature request] #266
Comments
That would be great. +1 |
Yes, I think you spotted another practical vulnerability in the steganographic mechanism of Tomb, well done! we shall address this either within Tomb or within steghide. I am not sure how to best implement the pseudo-code to retrieve the date in shell, perhaps using stat(1) |
I did a implementation of this proposal using See: roddhjav@1c5852f |
Ops! I forgot to clarify the |
@roddhjav would you like to pack your commit into a PR? |
Collect the stat of tomb keys and tomb files then restore them when Tomb exit. Can be extended to any file opened by Tomb. See dyne#266
Collects the stats of tomb keys and tomb files then restore them when Tomb exits. Can be extended to any file opened by Tomb. See dyne#266
It's not difficult to find keys hidden in JPEG files -even if you have zillions of them in your system- . You only need search for and sort JPEG images by 'date accessed' in descending order to see a list of potential keys.
It would be great if when using
tomb open -k path/to/image.jpeg secret.tomb
something behind the scenes triggers something like:datetime = getDateAccessed(path_to_image, image.jpeg)
(pseudo code)and then...
touch -a -m -t [datetime] image.jpeg
That way it will give the impression the image hasn't been accessed recently.
What do you think?
The text was updated successfully, but these errors were encountered: