{% extends "base.html" %} {% block title %}About - Stegasoo{% endblock %} {% block content %}
About Stegasoo

Stegasoo is a secure steganography tool that hides encrypted messages and files inside ordinary images using multi-factor authentication.

Key Features
  • Text & File Embedding — Hide messages or any file type (PDF, ZIP, documents)
  • Multi-Factor Security — Combines photo + phrase + PIN/RSA key
  • AES-256-GCM Encryption — Military-grade authenticated encryption
  • Daily Rotating Phrases — Different passphrase each day of the week
  • Random Pixel Embedding — Defeats statistical steganalysis
  • Format Preservation — Maintains PNG/BMP lossless formats
  • Large Capacity — Up to {{ max_payload_kb }} KB payload, 16MP images
  • Zero Server Storage — Nothing saved, files auto-expire

How Security Works

Stegasoo uses hybrid multi-factor authentication to derive encryption keys:

  • Reference Photo: Something you have, ~80-256 bits
  • Daily Phrase: Something you know (rotates), ~33 bits (3 words)
  • Static PIN: Something you know (fixed), ~20 bits (6 digits)
  • RSA Key: Something you have (optional), ~128 bits (2048-bit)

Combined entropy: 130-400+ bits depending on configuration. For reference, 128 bits is considered computationally infeasible to brute force.

Key Derivation

{% if has_argon2 %}
Argon2id Available
Using Argon2id with a 256MB memory cost. Argon2 won the Password Hashing Competition and is current best practice for key derivation.
{% else %}
Argon2 Not Available
Falling back to PBKDF2-SHA512 with 600,000 iterations. Install argon2-cffi for stronger security.
{% endif %}
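
An added example, not Stegasoo's own code: one way to turn the photo, phrase and PIN into a 32-byte key with the Argon2id/PBKDF2 fallback described above. The factor encoding, the salt handling, the `time_cost` and `parallelism` values and the names `combine_factors` and `derive_key` are assumptions; only the 256MB memory cost and the 600,000 PBKDF2-SHA512 iterations come from this page.

```python
import hashlib
import struct

PBKDF2_ITERATIONS = 600_000      # fallback cost stated on this page
ARGON2_MEMORY_KIB = 256 * 1024   # 256MB memory cost stated on this page

def combine_factors(photo: bytes, phrase: str, pin: str) -> bytes:
    """Length-prefix every factor so ("ab", "c") and ("a", "bc") cannot collide."""
    fields = [
        hashlib.sha256(photo).digest(),             # reference photo: something you have
        " ".join(phrase.lower().split()).encode(),  # daily phrase (assumed normalisation)
        pin.encode(),                               # static PIN
    ]
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def derive_key(photo, phrase, pin, salt, kdf="auto"):
    """Return a 32-byte key; kdf is "auto", "argon2id" or "pbkdf2"."""
    if kdf not in ("auto", "argon2id", "pbkdf2"):
        raise ValueError("unknown kdf: " + kdf)
    secret = combine_factors(photo, phrase, pin)
    if kdf != "pbkdf2":
        try:
            from argon2.low_level import Type, hash_secret_raw  # argon2-cffi
            # time_cost and parallelism are assumed values, not from the page.
            return hash_secret_raw(secret, salt, time_cost=3,
                                   memory_cost=ARGON2_MEMORY_KIB,
                                   parallelism=4, hash_len=32, type=Type.ID)
        except ImportError:
            if kdf == "argon2id":
                raise  # caller demanded Argon2id; do not silently downgrade
    return hashlib.pbkdf2_hmac("sha512", secret, salt, PBKDF2_ITERATIONS, dklen=32)

if __name__ == "__main__":
    photo = b"constructed stand-in for the reference photo bytes"
    salt = bytes(16)  # constructed; a real salt is random for every message
    key = derive_key(photo, "apple forest thunder", "123456", salt, kdf="pbkdf2")
    print(key.hex())
```

Changing any single factor, including one PIN digit, yields an unrelated key, and requesting `kdf="argon2id"` fails loudly instead of downgrading when argon2-cffi is missing.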

Steganography Technique

Uses LSB (Least Significant Bit) embedding with pseudo-random pixel selection. The pixel locations are determined by a key derived from your credentials, making the hidden data's location unpredictable without the correct inputs.
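
An added example, not Stegasoo's own code: keyed LSB embedding over a constructed byte array standing in for decoded pixel channels. Ranking slots by HMAC-SHA256 is one assumed way to obtain key-dependent positions; the function names, the 32-bit length header and the plaintext payload (Stegasoo embeds ciphertext) are also assumptions.

```python
import hashlib
import hmac

def select_positions(key: bytes, n_slots: int, n_bits: int) -> list:
    """Keyed pseudo-random slot order: rank each index by its HMAC-SHA256 tag."""
    if n_bits > n_slots:
        raise ValueError("payload exceeds carrier capacity")
    def tag(i):
        return hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return sorted(range(n_slots), key=tag)[:n_bits]

def to_bits(data: bytes) -> list:
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def from_bits(bits: list) -> bytes:
    return bytes(sum(b << (7 - k) for k, b in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))

def embed(carrier: bytes, payload: bytes, key: bytes) -> bytes:
    """Write a 32-bit length header plus payload into the keyed LSB slots."""
    bits = to_bits(len(payload).to_bytes(4, "big") + payload)
    stego = bytearray(carrier)
    for pos, bit in zip(select_positions(key, len(carrier), len(bits)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # only the lowest bit changes
    return bytes(stego)

def extract(stego: bytes, key: bytes) -> bytes:
    """Re-derive the slot order from the key and read the payload back."""
    order = select_positions(key, len(stego), len(stego))
    lsb = [stego[p] & 1 for p in order]
    length = int.from_bytes(from_bits(lsb[:32]), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("no payload recoverable with this key")
    return from_bits(lsb[32:32 + 8 * length])

if __name__ == "__main__":
    # Constructed data: channel values standing in for decoded PNG pixels,
    # and a fixed 32-byte key standing in for the credential-derived key.
    carrier = bytes((i * 37 + 11) % 256 for i in range(4096))
    key = bytes(range(32))
    stego = embed(carrier, b"meet at noon", key)
    print(extract(stego, key))
    print(sum(a != b for a, b in zip(carrier, stego)), "of", len(carrier), "bytes changed")
```

Without the key the reader cannot tell which slots carry data or in what order, and every modified byte differs from the carrier by at most its lowest bit.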

File Embedding

New in v2.1: Stegasoo now supports embedding any file type, not just text messages.

Supported
  • PDF documents
  • ZIP/RAR archives
  • Office documents (DOCX, XLSX, PPTX)
  • Source code files
  • Any binary file up to {{ max_payload_kb }} KB

How It Works
  • Original filename is preserved
  • MIME type is stored for proper handling
  • File is encrypted identically to text
  • Decoding auto-detects text vs. file

Tip: For larger files, compress them first (ZIP) to maximize capacity. A 16MP carrier image can hold approximately 6MB of raw data, but we limit payloads to {{ max_payload_kb }} KB for reasonable processing times.

Usage Guide

  1. Both parties agree on a reference photo (shared secretly, never transmitted)
  2. Go to Generate and create credentials
  3. Memorize the 7 daily phrases and PIN
  4. If using RSA, download and securely store the key file
  5. Share credentials with your contact through a secure channel

  1. Go to Encode
  2. Upload your reference photo
  3. Upload a carrier image (the image to hide data in)
  4. Choose Text or File mode
  5. Enter your message or select a file to embed
  6. Enter today's phrase and your PIN/key
  7. Download the resulting stego image
  8. Send the stego image through any channel (email, social media, etc.)

  1. Go to Decode
  2. Upload your reference photo (same one used for encoding)
  3. Upload the stego image you received
  4. Enter the phrase for the day it was encoded (check the filename for the date)
  5. Enter your PIN and/or RSA key
  6. View the decoded message or download the extracted file

The stego image filename contains the encoding date (e.g., abc123_20251228.png). Use this to determine which day's phrase to use!

Limits & Specifications
  • Max text message: 250,000 characters (~250 KB)
  • Max file payload: {{ max_payload_kb }} KB
  • Max carrier image: 16 megapixels (~4000×4000)
  • Max upload size: 10 MB
  • Temp file expiry: 5 minutes
  • PIN length: 6-9 digits
  • RSA key sizes: 2048, 3072, 4096 bits
  • Phrase length: 3-12 words (BIP-39 wordlist)

CLI & API

Stegasoo is also available as a command-line tool and REST API:

Command Line
# Generate credentials
stegasoo generate --pin --rsa

# Encode a text message
stegasoo encode -r photo.jpg -c meme.png -p "apple forest thunder" --pin 123456 -m "secret"

# Encode a file
stegasoo encode -r photo.jpg -c meme.png -p "apple forest thunder" --pin 123456 -e document.pdf

# Decode (auto-detects text vs file)
stegasoo decode -r photo.jpg -s stego.png -p "apple forest thunder" --pin 123456

REST API
# Encode with multipart upload
curl -X POST http://localhost:8000/encode/multipart \
  -F "reference_photo=@photo.jpg" \
  -F "carrier=@meme.png" \
  -F "message=secret" \
  -F "day_phrase=apple forest thunder" \
  -F "pin=123456" \
  --output stego.png

# Encode a file
curl -X POST http://localhost:8000/encode/multipart \
  -F "reference_photo=@photo.jpg" \
  -F "carrier=@meme.png" \
  -F "payload_file=@document.pdf" \
  -F "day_phrase=apple forest thunder" \
  -F "pin=123456" \
  --output stego.png

API documentation is available at /docs (Swagger) or /redoc when running the API server.

Stegasoo v2.1.0 • Open Source • Built with Python, Flask, and cryptography

{% endblock %}