Currently I'm building a toy steganography system based in a web browser. Besides all the obvious issues with building a system requiring extreme privacy into a browser (this is a toy!), I was curious if there were any serious flaws to the basic flow of the system.
The idea is to take a binary buffer of any length as the transport layer, and switch the least significant bits of each byte of the buffer (not the alpha channel in images due to issues with the canvas messing with alpha for better performance) based on the binary of the plaintext. That is the basic part and basically the same as every other system.
Where this differs is that a steganographic key is taken in the form of a large integer which is fed into Blum Blum Shub in order to derive the bit positions of the switched bits. In addition, garbage bits are created so as to allow the plaintext a space to be more thoroughly obfuscated in. (For example, this would result in an image of length 50 bytes [excluding alpha] and a plaintext of length 5 bits having the space between each plaintext bit padded.) The derivation of the garbage bits is via a system that allows for different results to occur from different key/image combinations but remain constant through the same combinations.
The plaintext is, as should be noted, not a plaintext but rather the output of AES with a separate encryption key.
Thanks for the time and this is my first attempt at building something like this so criticism is really appreciated!
