Steg Cloak: Hide secrets with invisible characters in plain text securely using passwords

栏目: IT技术 · 发布时间: 4年前

内容简介:StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, t

Steg Cloak: Hide secrets with invisible characters in plain text securely using passwords StegCloak

The Cloak of Invisibility for your texts

StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other covert communication. Completely invisible!. See how it works in-depth here or watch our demo to know what it does

Features

  • Protect your invisible secret using passwords and HMAC integrity

  • Cryptographically secure by encrypting the invisible secret using AES-256-CTR.

  • Uses 7 Invisible characters in unicode characters that works everywhere in the web.

    Including the most important ones Tweets, Gmail, Whatsapp, Telegram, Instagram, Facebook etc.

  • Maximum Compression to reduce the payload (LZ, Huffman).

  • Completely invisible, uses Zero Width Characters instead of white spaces or tabs.

  • Super fast! Hides the Wikipedia page-source for steganography (800 lines and 205362 characters) within a covertext of 3 words in under one second.

  • Written in pure functional style.

  • Usage - Available as an API module, a CLI and also a Web Interface (optimized with web workers).

Steg Cloak: Hide secrets with invisible characters in plain text securely using passwords

Installing

Using npm,

$ npm install -g stegcloak

Using npm (to use it locally in your program),

$ npm install stegcloak

How it works

Steg Cloak: Hide secrets with invisible characters in plain text securely using passwords

CLI Usage

Hide

$ stegcloak hide

Options:

hide [options] [secret] [cover]

  -f, --file <file>       Extract input from file
  -n, --nocrypt           If you don't need encryption (default: false)
  -i, --integrity         If additional security of preventing tampering is needed (default: false)
  -o, --output <output>   Stream the results to an output file
  -h, --help              display help for command

Reveal

$ stegcloak reveal

Options:

reveal [data]

  -f, --file <file>       Extract input from file
  -cp, --clip             Copy Data directly from clipboard
  -o, --output <output>   Stream the secret to an output file
  -h, --help              display help for command

API Usage

const StegCloak = require('stegcloak');

const stegcloak = new StegCloak(true, false);  // Initializes with encryption true and hmac false for hiding

// These arguments are used only during hide

// Can be changed later by switching boolean flags for stegcloak.encrypt and stegcloak.integrity

What's HMAC and do I need it?

HMAC is an additional fingerprint security step taken towards tampering of texts and to verify if the message received was actually sent by the intended sender. If the data is sent through WhatsApp, Messenger or any social media platform, this is already taken care of! However, if you are using StegCloak in your program to safely transmit and retrieve, this option can be enabled and StegCloak takes care of it.

Hide

stegcloak.hide(secret,password,cover) -> string

const magic = stegcloak.hide("Voldemort is back", "mischief managed", "The WiFi's not working here!");

// Uses stegcloak.encrypt and stegcloak.integrity booleans for obfuscation

console.log(magic);  // The WiFi's not working here!

Reveal

stegcloak.reveal(data, password) -> string

const secret = stegcloak.reveal(magic, "mischief managed");

// Automatically detects if encryption or integrity checks were done during hide and acts accordingly

console.log(secret); // Voldemort is back

Important

Stegcloak does'nt solve the alice-bob-warden problem, its powerful only when people are not looking for it and it helps you to achieve that really well given its invisible properties around the web! It could be safely used for watermarking in forums, invisible tweets,irc chats,social media etc. Please don't use it when you know there's someone who is actively sniffing your data looking at the unicode characters through a data analysis tool, in that case even though the secret encoded cannot be deciphered the fact lies that the warden ( Middle-man ) now knows some secret communication took place, cause he would have noticed an unusual amount of special invisible characters.

Resources

The following papers were referred to for insight and understanding of using Zero Width Characters in steganography.

  • Milad Taleby Ahvanooey, Qianmu Li , Jun Hou, Ahmed Raza Rajput and Chen Yini
Modern Text Hiding, Text Steganalysis, and Applications: A Comparative Analysis
  • Taleby Ahvanooey, Milad & Li, Qianmu & Hou, Jun & Dana Mazraeh, Hassan & Zhang, Jing.
AITSteg: An Innovative Text Steganography Technique for Hidden Transmission of Text Message via Social Media.
IEEE Access

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

MIT - Copyright (c) 2020 Jyothishmathi CV , Kandavel A , Mohanasundar M

Acknowledgements

The StegCloak logo was designed by Smashicons .


以上所述就是小编给大家介绍的《Steg Cloak: Hide secrets with invisible characters in plain text securely using passwords》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

比特币

比特币

李钧、长铗 / 中信出版社 / 2014-1-1 / 39.00元

2009年,比特币诞生。比特币是一种通过密码编码,在复杂算法的大量计算下产生的电子货币。虽然是虚拟货币,比特币却引起了前所未有的全球关注热潮。 这一串凝结着加密算法与运算能力的数字不仅可以安全流通、换取实物,1比特币价值甚至曾高达8 000元人民币。有研究者认为比特币具备打破几千年来全球货币由国家垄断发行的可能性。在不经意间,比特币引起的金融新浪潮已悄然成型。 虚拟货币并不是新鲜事物,......一起来看看 《比特币》 这本书的介绍吧!

HTML 压缩/解压工具
HTML 压缩/解压工具

在线压缩/解压 HTML 代码

html转js在线工具
html转js在线工具

html转js在线工具

RGB CMYK 转换工具
RGB CMYK 转换工具

RGB CMYK 互转工具