Text Steganography - Encrypt/Hide text using JavaScript and Decrypt/Unhide using PHP

Question

I've googled a lot about steganography for text and found this: http://www.fourmilab.ch/javascrypt/javascrypt.html & http://www.fourmilab.ch/javascrypt/stego.html

The basic fundamental of these url is to convert any text into encrypted code & then using second url convert that encrypted code into NON SENSE english words with punctuation.

This is done using javascript and it works perfect. My half work is done here.

Now I'll be sending this NON SENSE english words, with punctuations, to my server using form. I don't know how to decrypt the data at server end using PHP because it is converted via JavaScript.

I don't want the data which is transferred via network to be read by anyone. I want only english words to be transferred via network, nothing else.

Do you know anything similar to this? Steganograph the form (only to English Words with punctuations) before sending using JS/JQuery and decode using PHP.

Or can anybody suggest how to make the server side part working from the above links.??

Any help is welcomed.

Thanks

---

Update

I'm not considering about hackers or descriptors who can see the encryption technique in JS. I know they can, but I'll be dealing with normal non technical persons.

All I want is if a normal person see the data traffic of network then he/she should see only english words (non sense is also fine) not the actual program/text.

Answer 1

I've added a text steganography component to my PassLok app, which might give you some ideas. The code is available at: https://github.com/fruiz500/passlok . It you look at the code, the steganography functions are right after a large piece of text (containing part of the GNU 3.0 license), which is used as default covertext.

There are two methods, both implemented completely in javascript so no connection to a server is necessary. The Words method replaces each character from the plaintext with a word from the covertext, resulting in gibberish English (or whatever your covertext is; it works with non-Latin languages, too), with random punctuation. The Spaces method encodes each character into binary first, and then replaces the spaces in the covertext with one or two spaces according to the encoding, resulting in readable text with irregular spacing. The recipient does not need to have the covertext, with the Spaces method, but the end result is much longer.

To address adam's criticism that this would not provide real security, PassLok first checks that the plaintext is encrypted by another method (or appears to be) before applying the Words or Spaces methods.

The details of the implementation are complex, so it's best if you take a look at that source code and see how it's done. It has a lot of comments.

Answer 2

The links you provided are actually performing relatively simple functions. The encryption bit is not very impressive to be honest. You should use a well-supported javascrypt encryption library for that, which you can read more about here: http://code.google.com/p/crypto-js/

As for the second link, I think all this is doing is taking a random snippet of text, which looks like plaintext English, and embedding the message in random bits. The result is a message which looks almost intelligible. To be honest, this is almost more suspicious than using something like image based steganography (check: http://oakes.github.io/PixelJihad/about.html ). However, image based steganography is vulnerable to detection since there are certain auto-correlative properties of most images.