search

petereigenschink / steganography.js

Hide secret messages with JavaScript and this library
http://www.peter-eigenschink.at/projects/steganographyjs/
MIT License
363 stars 67 forks source link

undetectability #1

Open fruiz500 opened 9 years ago

fruiz500 commented 9 years ago

I think it would be better if there was no way to tell whether or not a message has been hidden in an image. I guess what the code does now is record certain start and end markers so it is possible to know where the encoded material begins and ends. But how about this:

  1. Make the encoded data start at the very beginning of the pixel data, or at some fixed location after that with no start marker, and place no marker saying where it ends. Needless to say, whatever original noise has not been overwritten should stay intact.
  2. The decode command thus extracts whatever data has been hidden, and after it ends it returns the original noise of the picture. It is up to the user to decide where the hidden data ends. The reason for all this is that real steganography is undetectable. If the code adds detectable markers of any kind, the cover is blown.
petereigenschink commented 9 years ago

That is definitely a good point, currently the data is written at the start of the pixel data and after the encoded message ends the original noise in the image is cleaned. But this is only default behaviour, it is possible to specify a function which determines what is written to the image data after the message ends. For some purposes, where steganography.js is just used to store data inside the image and not to really hide it, it is necessary to extract the exact message again. So I think that this is something that should be configurable. Another idea that would support the undetectability would be to distribute the hidden message throughout the image data, so that the whole message is not hidden in a single bundle inside the image. What do you think about that?

fruiz500 commented 9 years ago

Some things that might be done easily:

  1. Don't clean the rest of the pixel data, or at least leave that possibility open. The recipient can still figure out where the real data ends by inspection, and this would help a lot to hide the data.
  2. Distribute the data throughput the file (perhaps leaving the rest of the noise intact, for better undetectability) by some sort of interleaving. How about this: area to be used = (number of pixels) * 3 / (bits to be hidden) * counter where counter runs from 1 to the number of bits to be hidden. The recipient would have to know the number of bits hidden, or this number could be hidden, in binary form, in a fixed series of pixels. Good work!