stegasoo/v1_old_files/README.md

# Stegasoo Web Service

A containerized Flask + Bootstrap web UI for hybrid Photo + Day-Phrase + PIN steganography.

![Python](https://img.shields.io/badge/Python-3.11+-blue)
![Flask](https://img.shields.io/badge/Flask-3.0+-green)
![Docker](https://img.shields.io/badge/Docker-Ready-blue)
![Security](https://img.shields.io/badge/Security-AES--256--GCM-red)

## Features

- 🔐 **AES-256-GCM** authenticated encryption
- 🧠 **Argon2id** memory-hard key derivation (256MB)
- 🎲 **Pseudo-random pixel selection** defeats steganalysis
- 📅 **Daily key rotation** with customizable phrases (3-12 words)
- 🔢 **Static PIN** for additional entropy (6-8 digits)
- 🖼️ **Reference photo** as "something you have"
- 🌐 **Web UI** with Bootstrap 5 dark theme
- 📖 **Memory aid stories** to help memorize phrases (template or AI-powered)

## Quick Start

### Docker (Recommended)

```bash
# Build and run
docker-compose up -d

# Access at http://localhost:5000
```

### Manual Installation

```bash
# Create virtual environment
python -m venv venv
source venv/bin/activate  # Linux/Mac
# or: venv\Scripts\activate  # Windows

# Install dependencies
pip install -r requirements.txt

# Optional: Enable AI-powered story generation
pip install -r requirements-ml.txt

# Run development server
python app.py

# Or production with gunicorn
gunicorn --bind 0.0.0.0:5000 app:app
```

## Usage

### 1. Generate Credentials

Visit `/generate` to create:
- **7 phrases** (one per day of week, 3-12 words each)
- **1 PIN** (6-8 digits, same every day)
- **Memory aid stories** (optional, helps memorize phrases)

Memorize these! Don't save them.

### 2. Encode a Message

Visit `/encode` and provide:
- **Reference photo** - A photo both parties have (NOT transmitted)
- **Carrier image** - The image to hide your message in
- **Message** - Your secret text
- **Day phrase** - Today's phrase
- **PIN** - Your static PIN

Download the stego image and share it through any channel.

### 3. Decode a Message

Visit `/decode` and provide:
- **Reference photo** - Same photo used for encoding
- **Stego image** - The image containing the hidden message
- **Day phrase** - The phrase for the day it was encoded
- **PIN** - Your static PIN

## Security Model

| Component | Entropy | Purpose |
|-----------|---------|---------|
| Reference Photo | ~80-256 bits | Something you have |
| Day Phrase | ~33-132 bits | Something you know (rotates daily) |
| PIN | ~20-27 bits | Something you know (static) |
| **Combined** | **133-415+ bits** | **Beyond brute force** |

### Attack Resistance

| Attack | Result |
|--------|--------|
| Brute force | 2^133+ combinations = impossible |
| Rainbow tables | Random salt per message |
| Steganalysis | Random pixel selection defeats detection |
| GPU cracking | Argon2 requires 256MB RAM per attempt |

## Memory Aid Stories

The generate page can create stories to help you memorize your phrases:

**Template-based** (default):
> Monday morning began when I discovered a **APPLE** near the **FOREST**. I had to **THUNDER** quickly, then grab the **CRYSTAL** before reaching the **BRAVE**.

**AI-powered** (with `requirements-ml.txt`):
- Uses DistilGPT-2 (~350MB model)
- Generates more coherent, natural stories
- Words highlighted in RED CAPS

## Configuration

Environment variables:

| Variable | Default | Description |
|----------|---------|-------------|
| `FLASK_ENV` | production | Flask environment |
| `SECRET_KEY` | random | Session secret (auto-generated) |

## Production Deployment

For production, consider:

1. **HTTPS** - Use nginx reverse proxy with SSL
2. **Rate limiting** - Prevent abuse
3. **Logging** - Monitor for security events
4. **Memory** - Allocate at least 512MB (Argon2 needs 256MB)

## License

MIT License - Use responsibly.

## ⚠️ Disclaimer

This tool is for educational and legitimate privacy purposes only. Users are responsible for complying with applicable laws in their jurisdiction.