
PNG steganography

Hide AES-GCM-encrypted text or a file inside the LSB bits of a PNG. Companion to stego-detect.

Embeds a short message or a small file into the least-significant bits of a PNG, protected with a password. Companion to stego-detect: one hides, the other looks.

Crypto: the password is stretched into a 256-bit key via PBKDF2-SHA-256 (200 000 iterations, 16-byte random salt); the payload is encrypted with AES-256-GCM and a 12-byte random IV. Without the right password the payload is unreadable even if an attacker knows that something is hidden in the file.

Anti-detection: bits are NOT written into the first N pixels in a row — that would make stego-detect’s LSB map a giveaway. Instead, a deterministic permutation of pixel positions is generated by an xoshiro128** PRNG seeded from SHA-256 of the salt. The receiver with the right password recovers the salt from the header, derives the same permutation, and reassembles the payload. The chi-square test in stego-detect will still trigger on a sufficiently large payload (math is math), but the visual LSB map looks like uniform noise — no letters, no geometry, no patterns.

Container: PNG only (a JPEG re-save destroys the LSBs at the very first DCT quantisation).

Capacity: ~width × height × 3 / 8 bytes minus a 44-byte header and AES-GCM overhead. For 1080p that is around 750 KB of clean payload.

Uses Web Crypto (subtle.deriveKey, subtle.encrypt), no third-party libraries. Processing happens in the browser; nothing leaves your device.
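The scatter step described above, as an added example rather than the tool's own code: an xoshiro128** generator is seeded from the SHA-256 digest of the salt, a Fisher-Yates shuffle turns it into a permutation of the colour slots, and the bits of the (already encrypted) payload are written to and read back from the LSBs in that order. It assumes the 32-byte digest is passed in (the tool would get it from subtle.digest; the demo uses a constructed array), that pixels are RGBA as returned by canvas getImageData with alpha left untouched, and that the receiver already knows the payload length (which the tool carries in its header).

```javascript
// Added example, not the tool's source. Scatter step only: payload bits go to the
// LSBs of R/G/B slots in an order derived from xoshiro128** seeded with SHA-256(salt).
// Assumptions: seedDigest = that 32-byte digest (constructed in the test), pixels =
// RGBA bytes as from canvas getImageData, alpha never touched, length known to receiver.
function xoshiro128ss(seedDigest) {                 // state = first 16 digest bytes
  const dv = new DataView(seedDigest.buffer, seedDigest.byteOffset, 16);
  const s = [0, 4, 8, 12].map(o => dv.getUint32(o, true));
  if (s.every(w => w === 0)) s[0] = 1;              // all-zero state never advances
  const rotl = (x, k) => ((x << k) | (x >>> (32 - k))) >>> 0;
  return () => {
    const result = (rotl(Math.imul(s[1], 5), 7) * 9) >>> 0;
    const t = (s[1] << 9) >>> 0;
    s[2] ^= s[0]; s[3] ^= s[1]; s[1] ^= s[2]; s[0] ^= s[3];
    s[2] ^= t; s[3] = rotl(s[3], 11);
    return result;
  };
}

// Deterministic Fisher-Yates over all colour slots (3 per pixel); modulo bias is negligible here.
function slotPermutation(seedDigest, slotCount) {
  const next = xoshiro128ss(seedDigest);
  const perm = Uint32Array.from({ length: slotCount }, (_, i) => i);
  for (let i = slotCount - 1; i > 0; i--) {
    const j = next() % (i + 1);
    [perm[i], perm[j]] = [perm[j], perm[i]];
  }
  return perm;
}
const slotToIndex = s => Math.floor(s / 3) * 4 + (s % 3);   // skip the alpha byte

function embedScattered(pixels, seedDigest, payload) {
  const slots = (pixels.length / 4) * 3;
  if (payload.length * 8 > slots) throw new Error('payload exceeds LSB capacity');
  const perm = slotPermutation(seedDigest, slots);
  const out = pixels.slice();
  for (let b = 0; b < payload.length * 8; b++) {
    const i = slotToIndex(perm[b]);
    out[i] = (out[i] & 0xfe) | ((payload[b >> 3] >> (7 - (b & 7))) & 1);  // MSB first
  }
  return out;
}

function extractScattered(pixels, seedDigest, byteLength) {
  const perm = slotPermutation(seedDigest, (pixels.length / 4) * 3);
  const payload = new Uint8Array(byteLength);
  for (let b = 0; b < byteLength * 8; b++)
    payload[b >> 3] |= (pixels[slotToIndex(perm[b])] & 1) << (7 - (b & 7));
  return payload;
}
```

Running the same image through stego-detect before and after embedding shows why the order matters: the touched slots are spread over the whole picture instead of filling the first rows.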