@@ -6,7 +6,7 @@ Thank you for your interest in contributing to Stegasoo! This document provides
|
|||||||
|
|
||||||
### Prerequisites
|
### Prerequisites
|
||||||
|
|
||||||
- Python 3.10 or higher
|
- Python 3.10 - 3.12
|
||||||
- Git
|
- Git
|
||||||
- Docker (optional, for container testing)
|
- Docker (optional, for container testing)
|
||||||
|
|
||||||
|
|||||||
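Review bot: The new upper bound in the "- Python 3.10 - 3.12" prerequisite is given without a reason, so a contributor on a newer interpreter cannot tell whether this is a known incompatibility or simply untested. Suggest adding a short clause saying why newer versions are excluded, and keeping the Python requirement declared in the project's packaging metadata in step with this line so the documented range is also enforced at install time.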
10
SECURITY.md
10
SECURITY.md
@@ -4,16 +4,16 @@
|
|||||||
|
|
||||||
| Version | Supported | Notes |
|
| Version | Supported | Notes |
|
||||||
| ------- | ------------------ | ----- |
|
| ------- | ------------------ | ----- |
|
||||||
| 4.x.x | ✅ Active | Current release |
|
| 4.1.x | Current Version | What you SHOULD be using. |
|
||||||
| 3.x.x | ⚠️ Security fixes only | Upgrade recommended |
|
| 4.x.x | ⚠️ Security fixes only | Upgrade (EOL soon) |
|
||||||
| 2.x.x | ❌ End of life | |
|
| <= 3.x.x | ❌ End of life | |
|
||||||
| 1.x.x | ❌ End of life | |
|
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
**Please do not report security vulnerabilities through public GitHub issues.**
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
||||||
|
|
||||||
Instead, please email: **security@example.com** (replace with your email)
|
Instead, please email: **adlee-was-taken@proton.me**
|
||||||
|
|
||||||
Include:
|
Include:
|
||||||
- Description of the vulnerability
|
- Description of the vulnerability
|
||||||
|
|||||||
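Review bot: The supported-versions table now has overlapping rows: "4.1.x" is listed as the current version, while "4.x.x", which also matches 4.1.x, is listed as "Security fixes only" with "Upgrade (EOL soon)". A reader on 4.1 cannot tell which support level applies. Suggest narrowing the second row to the releases actually meant (for example "4.0.x"), and giving the 4.1.x row a status in the Supported column in the same style as the other rows (the row it replaces used "✅ Active") rather than "Current Version".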
@@ -22,20 +22,20 @@ A detailed breakdown of how Stegasoo's LSB and DCT steganography modes work unde
|
|||||||
|
|
||||||
```
|
```
|
||||||
┌─────────────────────────────────────────────────────────────────────────────┐
|
┌─────────────────────────────────────────────────────────────────────────────┐
|
||||||
│ STEGASOO ARCHITECTURE (v4.0) │
|
│ STEGASOO ARCHITECTURE (v4.0) │
|
||||||
├─────────────────────────────────────────────────────────────────────────────┤
|
├─────────────────────────────────────────────────────────────────────────────┤
|
||||||
│ │
|
│ │
|
||||||
│ INPUTS PROCESSING OUTPUT │
|
│ INPUTS PROCESSING OUTPUT │
|
||||||
│ ─────── ────────── ────── │
|
│ ─────── ────────── ────── │
|
||||||
│ │
|
│ │
|
||||||
│ Reference Photo ─┐ │
|
│ Reference Photo ─┐ │
|
||||||
│ Passphrase ──────┼──► Argon2id KDF ──► AES-256 Key │
|
│ Passphrase ──────┼──► Argon2id KDF ──► AES-256 Key │
|
||||||
│ PIN/RSA Key ─────┘ │ │
|
│ PIN/RSA Key ─────┘ │ │
|
||||||
│ ▼ │
|
│ ▼ │
|
||||||
│ Message/File ────────────────────────► AES-256-GCM ──► Ciphertext │
|
│ Message/File ────────────────────────► AES-256-GCM ──► Ciphertext │
|
||||||
│ Encryption │ │
|
│ Encryption │ │
|
||||||
│ ▼ │
|
│ ▼ │
|
||||||
│ Carrier Image ───────────────────────────────────────► Embedding ──► Stego│
|
│ Carrier Image ───────────────────────────────────────► Embedding ─► Stego │
|
||||||
│ (LSB/DCT) Image │
|
│ (LSB/DCT) Image │
|
||||||
│ │
|
│ │
|
||||||
└─────────────────────────────────────────────────────────────────────────────┘
|
└─────────────────────────────────────────────────────────────────────────────┘
|
||||||
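Review bot: The box title in this hunk still reads "STEGASOO ARCHITECTURE (v4.0)", although the same commit makes 4.1.x the current version in SECURITY.md. Since the "Embedding ─► Stego │" line is already being touched to fix the box alignment, either update the version label if the diagram also describes 4.1, or drop the version from the title so it does not go stale again.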
@@ -626,7 +626,7 @@ Factor 1: Reference Photo ─┐
|
|||||||
• 80-256 bits entropy │
|
• 80-256 bits entropy │
|
||||||
• "Something you have" │
|
• "Something you have" │
|
||||||
├──► Combined entropy: 133-400+ bits
|
├──► Combined entropy: 133-400+ bits
|
||||||
Factor 2: Passphrase │ (Beyond brute force)
|
Factor 2: Passphrase │ (Beyond brute force)
|
||||||
• 43-132 bits entropy │
|
• 43-132 bits entropy │
|
||||||
• "Something you know" │
|
• "Something you know" │
|
||||||
• 4 words default (v4.0) │
|
• 4 words default (v4.0) │
|
||||||
@@ -688,7 +688,7 @@ AUTHENTICATED ENCRYPTION (AES-256-GCM)
|
|||||||
|
|
||||||
```
|
```
|
||||||
┌──────────────────────────────────────────────────────────────────────────────┐
|
┌──────────────────────────────────────────────────────────────────────────────┐
|
||||||
│ ENCODE FLOW (v4.0) │
|
│ ENCODE FLOW (v4.0) │
|
||||||
└──────────────────────────────────────────────────────────────────────────────┘
|
└──────────────────────────────────────────────────────────────────────────────┘
|
||||||
|
|
||||||
User Inputs Processing Output
|
User Inputs Processing Output
|
||||||
@@ -714,14 +714,14 @@ Carrier Image ──────────────────────
|
|||||||
│ │
|
│ │
|
||||||
┌───────────┴─────┴────────────┐
|
┌───────────┴─────┴────────────┐
|
||||||
│ │
|
│ │
|
||||||
LSB Mode DCT Mode
|
LSB Mode DCT Mode
|
||||||
│ │
|
│ │
|
||||||
▼ ▼
|
▼ ▼
|
||||||
embed_lsb() embed_in_dct()
|
embed_lsb() embed_in_dct()
|
||||||
(pixel LSBs) (DCT coefficients)
|
(pixel LSBs) (DCT coefficients)
|
||||||
│ │
|
│ │
|
||||||
▼ ▼
|
▼ ▼
|
||||||
PNG Output PNG or JPEG
|
PNG Output PNG or JPEG
|
||||||
│ │
|
│ │
|
||||||
└──────────┬───────────────────┘
|
└──────────┬───────────────────┘
|
||||||
│
|
│
|
||||||
@@ -793,8 +793,8 @@ Stego Image ──────────► detect_mode() ──────
|
|||||||
Both modes share the same cryptographic foundation (Argon2id + AES-256-GCM) and multi-factor authentication, ensuring security regardless of embedding method.
|
Both modes share the same cryptographic foundation (Argon2id + AES-256-GCM) and multi-factor authentication, ensuring security regardless of embedding method.
|
||||||
|
|
||||||
The choice comes down to your use case:
|
The choice comes down to your use case:
|
||||||
- **Private channel?** → LSB (maximum capacity)
|
|
||||||
- **Public platform?** → DCT (maximum compatibility)
|
- **Public platform?** → DCT (maximum compatibility)
|
||||||
|
- **Private channel?** → LSB (maximum capacity)
|
||||||
|
|
||||||
### v4.0 Simplifications
|
### v4.0 Simplifications
|
||||||
|
|
||||||
|
|||||||