are there alternatives to steghide?

[phytohydra]

"Tomb also supports deniable key storage using steganography. One can tomb bury and tomb exhume keys to and from JPEG images when the utility steghide is installed."

steghide 0.5.1, the current version, hasn't been updated in literally 20 years. The last release was 2003-10-15. There exist steganalysis tools which can reliably detect it.

'Practical attack on Steghide'
https://daniellerch.me/stego/aletheia/steghide-attack-en/

[Narrat]

Time flies by...
Interesting read. Also the other posts about other steganographic tools. After skimming those and a little bit of searching: Is there even a replacement with a good track record? Some of the known have their own dedicated post :D And in general it seems like the development in that regard is rather dead?

[jaromil]

I wrote this section in known bugs a decade ago or so: https://github.com/dyne/Tomb/blob/master/KNOWN_BUGS.md#issue-affecting-keys-used-in-steganography - tl;dr the presence of a key into an image can indeed be detected, but it is still protected by a password (2nd factor) else cannot be retrieved. Brute forcing may be easier against a steg key.

Limits of steghide are known and declared. There isn't a better alternative, AFAIK.

[Eloitor]

What about: https://github.com/resurrecting-open-source-projects/outguess ?

[jaromil]

Thanks for the tip, outguess seems harder to detect (but I would avoid to say impossible...) and a good candidate as alternative to steghide. It may even be autodetected on failure to decode with steghide.