Does this project spark your interest?

Become a member to follow this project and don't miss any updates


Bury it under the noise floor

Here is discussed a PHP class to hide encrypted messages and files inside of images without significantly changing the way the image looks.

Similar projects worth following
This is meant to be an instructional write-up to touch on some common ideas and mechanisms in cryptography, and leverage them to make a reasonable steganographic program.

Full documentation and a usable demo page are at the link to my blog.

  • AES-256 encrypted with optional BZ2 compression.
  • Multi-round password hashing to derive key material from passwords.
  • No predictable patterns to search for. Offset is derived from the password, and the stride between pixels is arhythmic, with a seed value derived from the password.
  • Each color is treated as a discrete channel, with messages able to span channels. This allows up to three independent messages to be overlaid on the same carrier, or one message can occupy multiple channels.
  • Option for automatic re-scaling of the carrier image to minimize waste.
  • All relevant parameters are derived from the key, or stored as discrete bits, allowing for simple decoding. Just supply a carrier image and a correct password.
  • MD5 integrity verification.
  • File storage and retrieval
  • Built-in trivial logging faculty.

  • 2016.02.18: Node.JS module

    J. Ian Lindsay02/19/2016 at 06:42 0 comments

    The node.js port is not yet up to feature-parity with the PHP original. But it works for simple text strings. Most of the missing features are simple changes and fixes.

    I would prefer to re-work the library into a more proper functional style, as it suffers from some of the style of PHP, as it was a more-or-less direct port. If there is sufficient interest at the github page, and/or bitcoin-sponsored issues, I will devote time to fixing them. PR's are always welcome.

  • Changed the license

    J. Ian Lindsay11/19/2015 at 19:16 0 comments

    In light of recent idiocy in government threatening to attack encryption, I changed the license to the most permissive license I could find.

    I will not ration bullets in a war. Fork it. Mutate it. Re-purpose it. Learn from it. Make government impossible.

View all 2 project logs

Enjoy this project?



J. Ian Lindsay wrote 10/26/2015 at 09:21 point

Ha! My test fixture was inoperable since I moved my hosting. It has been fixed.

  Are you sure? yes | no

J. Ian Lindsay wrote 07/22/2014 at 22:32 point
Wow.... This was published to hack-a-day about 1.4 years ago, and a similar thing happened. It got trashed in the comments, but it is my most popular github repo to this day.

I wrote this class on an impulse over the course of a few days. Glad so many people like it. :-)
Thanks, everyone.

  Are you sure? yes | no

Similar Projects