Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When using '-k image.jpeg' the image's 'Date Accessed' attribute should NOT be modified [feature request] #266

Closed
tombraidr opened this issue Jun 8, 2017 · 7 comments
Closed

When using '-k image.jpeg' the image's 'Date Accessed' attribute should NOT be modified [feature request] #266

tombraidr opened this issue Jun 8, 2017 · 7 comments
Labels
feat wish feature we wish someone would refine and implement

Comments

@tombraidr
Copy link

It's not difficult to find keys hidden in JPEG files -even if you have zillions of them in your system- . You only need search for and sort JPEG images by 'date accessed' in descending order to see a list of potential keys.

It would be great if when using tomb open -k path/to/image.jpeg secret.tomb something behind the scenes triggers something like:
datetime = getDateAccessed(path_to_image, image.jpeg) (pseudo code)
and then...
touch -a -m -t [datetime] image.jpeg

That way it will give the impression the image hasn't been accessed recently.

What do you think?
@arthaud
Copy link
Contributor

arthaud commented Jun 8, 2017

That would be great. +1

@jaromil
Copy link
Member

jaromil commented Jun 10, 2017

Yes, I think you spotted another practical vulnerability in the steganographic mechanism of Tomb, well done! we shall address this either within Tomb or within steghide. I am not sure how to best implement the pseudo-code to retrieve the date in shell, perhaps using stat(1)

@roddhjav
Copy link
Contributor

I did a implementation of this proposal using stat and touch. In order to be sure access time is restored in all uses cases and in order to keep the code clean, the time is restored in the endgame function.

See: roddhjav@1c5852f
Please note it has not been tested yet.

@tombraidr tombraidr changed the title When using '-k image,jpeg' the image's 'Date Accessed' attribute should NOT be modified [feature request] When using '-k image.jpeg' the image's 'Date Accessed' attribute should NOT be modified [feature request] Jun 12, 2017
@tombraidr
Copy link
Author

Thanks @jaromil , @roddhjav

As soon as people say the commit is working for them I shall close the issue.

@tombraidr
Copy link
Author

@roddhjav

Ops! I forgot to clarify the touch -a -m -t command I wrote above (probably you know already but it's nice to remind us) -a is for 'date accessed' and -m is for 'date modified'. Both should be considered separately when restoring datetimes.

@jaromil jaromil added feat wish feature we wish someone would refine and implement labels Jul 3, 2017
@jaromil
Copy link
Member

jaromil commented Sep 23, 2018

@roddhjav would you like to pack your commit into a PR?

roddhjav added a commit to roddhjav/Tomb that referenced this issue Sep 23, 2018
@roddhjav
Track access/modification time of sensitive files
82c313a 
Collect the stat of tomb keys and tomb files then restore them when
Tomb exit. Can be extended to any file opened by Tomb. See dyne#266
roddhjav added a commit to roddhjav/Tomb that referenced this issue Sep 23, 2018
@roddhjav
Track access/modification time of sensitive files
aaa4637 
Collects the stats of tomb keys and tomb files then restore them when
Tomb exits. Can be extended to any file opened by Tomb. See dyne#266
@roddhjav roddhjav mentioned this issue Sep 23, 2018
Merged
@roddhjav
Copy link
Contributor

@jaromil done! see #320

@jaromil jaromil closed this as completed Mar 30, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feat wish feature we wish someone would refine and implement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jaromil @arthaud @roddhjav @tombraidr