To hide data in credentials is a key problem in information security. In this paper, a summary of the work on data hiding-capacity is made and several communication channel models and several statistical host data models have been considered by the application of information theory. Based on the foundation, a solution is given to the problem about how many bits can be hidden in host data transparently and robustly.