by halosghost 484 days ago
Hello!

Congrats on getting a proof-of-concept working in this space, especially as young as you are. That's awesome!

However, I would strongly suggest putting a large disclaimer at the very top of this project making clear that it has not undergone rigorous security analysis. Just looking very briefly at the code, the encryption is a hand-rolled XOR cipher directly using a user-provided 10-byte key (keylength being hard-coded).

This is definitely not secure against any, even minimally motivated/aware attacker.

All the best,

2 comments

Thanks a lot for your feedback! You’re absolutely right about the security disclaimer, so I’ve added a big, clear warning at the top of the project to make sure everyone knows it’s just a proof-of-concept and not meant for serious use. Really appreciate you pointing that out!

By the way, have you had a chance to try the program out? I’d love to know what you think about it—like, is the concept cool or useful in any way, even with its limitations? And if you’ve got any ideas on how to make it better (aside from the encryption stuff), I’m all ears!

This is mostly a learning project for me, so any thoughts or suggestions you have would be awesome. Thanks again for taking the time to comment—it means a lot!

I haven't tried it out, I'm afraid (mostly due to time availability). I can say that I think the use of this tool is somewhat limited for the real-world. It is, in some sense, a steganography (the art and study of hiding a secret in undetectable ways, “in plain sight”) tool, but given that the resultant image (the “covertext” in steganography jargon) is semi-obviously noise (rather than some innocuous image), it's going to stand out to anyone hunting for secrets.

[Edit to add:] There is, however, a use-case that is still valid and worth considering: using this tool to communicate messages over a “carrier signal.” I.e., if there's a place where you want to store or transmit a message, but that message is in a format that is not accepted by the channel while PNGs are allowed, you may be able to use this tool to encode arbitrary information into PNGs such that your message can still be transmitted. However, this is a pretty limited use-case, and is very easily detected.

There are also some niceties missing that I have come to expect from command-line UX (e.g., standardized getopt-style argument handling, terminal-size awareness, etc.) which are things you pick up and start to value as you spend more time in the CLI.

Also, if you want to dive into some of the encryption and security-related work, I'd suggest starting with the excellent CryptoPals challenges [0] (a XOR cipher is one of the first things you build and then break :P).

All the best,

[0] https://www.cryptopals.com/
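Both of halosghost's points above (the hand-rolled repeating-key XOR with a hard-coded 10-byte key, and the CryptoPals exercise of building a XOR cipher and then breaking it) come down to the same attack, so here is one worked example covering both. This is an added example, not code from the project or from either commenter: the key, the key length constant, the sample message and the rough English letter-frequency table are all constructed for the illustration. It shows the cipher, a ciphertext-only attack that needs nothing but the (known) key length, and a known-plaintext attack that recovers the key from any ten consecutive guessable bytes.

```python
# Added example, not the project's code: a repeating-key XOR "cipher" with a
# fixed 10-byte key, and two ways an attacker recovers that key without
# being told it. KEY, KEY_LEN, PLAINTEXT and ENGLISH_FREQ are constructed.

KEY_LEN = 10                 # the hard-coded key length the comment mentions
KEY = b"s3cr3tk3y!"          # constructed user-supplied key, exactly KEY_LEN bytes


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """The cipher itself: byte i of data is XORed with key[i mod len(key)].
    The same function both encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Approximate English letter frequencies (percent) plus a large weight for
# the space character, the most common byte in prose. Rough values suffice.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074, " ": 13.0,
}


def score_english(text: bytes) -> float:
    """Higher means more English-like: letters and spaces earn their
    frequency weight, bytes that never occur in printable text are penalised."""
    total = 0.0
    for b in text:
        if b in (9, 10, 13) or 32 <= b <= 126:
            total += ENGLISH_FREQ.get(chr(b).lower(), 0.0)
        else:
            total -= 10.0
    return total


def best_single_byte_key(column: bytes) -> int:
    """Single-byte XOR is brute-forced: try all 256 keys, keep the best score."""
    return max(range(256),
               key=lambda k: score_english(bytes(b ^ k for b in column)))


def recover_key_by_frequency(ciphertext: bytes, key_len: int = KEY_LEN) -> bytes:
    """Ciphertext-only attack. Because the key repeats every key_len bytes,
    positions i, i+key_len, i+2*key_len, ... were all XORed with key[i].
    Each such column is therefore a single-byte XOR of English text and is
    solved on its own; the hard-coded key length removes even the
    key-length-guessing step that CryptoPals makes you do."""
    return bytes(best_single_byte_key(ciphertext[i::key_len])
                 for i in range(key_len))


def recover_key_from_known_plaintext(ciphertext: bytes, known: bytes,
                                     offset: int = 0,
                                     key_len: int = KEY_LEN) -> bytes:
    """Known-plaintext attack. If the attacker knows or can guess any key_len
    consecutive plaintext bytes starting at `offset` (a file header, a
    greeting, a fixed field), then c[i] ^ p[i] == key[i mod key_len] gives
    the whole key directly, with no statistics at all."""
    if len(known) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    key = bytearray(key_len)
    for j in range(key_len):
        key[(offset + j) % key_len] = ciphertext[offset + j] ^ known[j]
    return bytes(key)


# Constructed sample message: ordinary English prose, roughly 80 bytes per
# key column, which is plenty for the frequency attack to be reliable.
PLAINTEXT = (
    b"This is a constructed sample message used only to demonstrate the attack. "
    b"It contains ordinary English prose, which has a very uneven distribution "
    b"of letters and a great many spaces. That skew is exactly what a repeating "
    b"key cannot hide. Every tenth byte is encrypted with the same key byte, so "
    b"each column of the ciphertext is just a single byte XOR of English text, "
    b"and a single byte XOR can be undone by trying all two hundred and fifty "
    b"six candidates and keeping the one whose output looks most like English. "
    b"Longer messages make the attack easier, not harder, because every column "
    b"gets more samples to score. A ten byte key leaves ten such columns, and "
    b"each one is solved on its own in a fraction of a second. Changing the key "
    b"does not help at all, since the attacker never needs to know it up front."
)

CIPHERTEXT = xor_repeating(PLAINTEXT, KEY)


if __name__ == "__main__":
    guessed = recover_key_by_frequency(CIPHERTEXT)
    print("frequency attack recovered:", guessed, "correct:", guessed == KEY)
    print("known-plaintext recovered: ",
          recover_key_from_known_plaintext(CIPHERTEXT, PLAINTEXT[:KEY_LEN]))
    print("decrypted with guessed key:", xor_repeating(CIPHERTEXT, guessed)[:60])
```

The point for the project's README: a longer or "stronger" key does not change this picture, because the attacker never brute-forces the key space; each key byte is attacked separately, and any guessable stretch of plaintext hands the key over outright. Mixing a real stream cipher or an AEAD construction (for example ChaCha20-Poly1305 or AES-GCM from a maintained library) with a key derived from the user's secret by a proper KDF is the usual replacement, and CryptoPals walks through exactly why.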

Thank you!