Audio Steganography Password Manager
Building a password manager that hides encrypted credentials inside playable audio files — plausible deniability meets practical security
The Problem
Traditional password managers store credentials in encrypted databases. That’s secure, but it’s also obvious. Anyone who gains access to your machine knows exactly where to look. I wanted something different: a password storage method where the container itself is innocuous — an audio file that plays normally but contains recoverable secrets.
The Concept
Audio steganography: encrypted data is encoded into the least significant bits (LSB) of audio samples. The file sounds identical to human ears (and on most audio equipment), but contains a recoverable payload for those who know it’s there and have the key.
Plausible deniability: Your “music collection” is just a music collection. Even under scrutiny, individual files look and sound like normal audio.
How It Works
Encoding Pipeline
Password Entry → AES-256 Encryption → Binary Payload
│
Audio File (WAV/AIFF) → LSB Embedding → Stego Audio
- Encrypt first: Passwords are AES-256 encrypted with a key derived from a master passphrase (PBKDF2, 100k iterations)
- Embed second: Encrypted bytes are written to the least significant bits of audio samples
- Preserve quality: LSB changes are inaudible (0.006% amplitude variation)
- Add redundancy: Payload scattered across file with error correction for lossy survival
Decoding Pipeline
Stego Audio → LSB Extraction → Encrypted Payload → AES Decryption → Password Entry
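The embed and extract steps of the two pipelines above, as an added example that is not the project's own code. It assumes 16-bit PCM samples, a payload that is already encrypted, and sequential embedding without the scattering or error correction described above; the `STG1` marker, the 4-byte length field and the function names are hypothetical.

```python
import array
import math
import struct

MAGIC = b"STG1"  # hypothetical marker; the page does not specify its magic header

def tone(n=4096, amp=12000):
    """Constructed carrier: 440 Hz sine, 44.1 kHz, 16-bit mono PCM."""
    step = 2 * math.pi * 440 / 44100
    return array.array("h", (int(amp * math.sin(step * i)) for i in range(n)))

def embed(samples, payload):
    """Write MAGIC + 4-byte length + payload into the LSB of successive samples."""
    blob = MAGIC + struct.pack(">I", len(payload)) + payload
    if len(blob) * 8 > len(samples):
        raise ValueError(f"need {len(blob) * 8} samples, carrier has {len(samples)}")
    out = array.array("h", samples)
    for i in range(len(blob) * 8):
        bit = (blob[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & ~1) | bit  # sample value moves by at most 1
    return out

def _read_bytes(samples, start, count):
    """Reassemble `count` bytes from sample LSBs, MSB first, from sample `start`."""
    data = bytearray()
    for b in range(count):
        byte = 0
        for k in range(8):
            byte = (byte << 1) | (samples[start + b * 8 + k] & 1)
        data.append(byte)
    return bytes(data)

def extract(samples):
    """Return the embedded payload, or None when no valid header is present."""
    if len(samples) < 64 or _read_bytes(samples, 0, 4) != MAGIC:
        return None
    (length,) = struct.unpack(">I", _read_bytes(samples, 32, 4))
    if 64 + length * 8 > len(samples):  # corrupt or coincidental header
        return None
    return _read_bytes(samples, 64, length)

if __name__ == "__main__":
    ciphertext = bytes(range(48))  # constructed stand-in for AES-256-GCM output
    stego = embed(tone(), ciphertext)
    assert extract(stego) == ciphertext
    print(max(abs(a - b) for a, b in zip(tone(), stego)))
```

A fixed plaintext marker at a known offset identifies the file as a container to anyone who knows the marker, so the header is the first thing to check when reasoning about deniability.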
Technical Details
Audio format: WAV/AIFF (lossless) for maximum capacity. MP3/AAC support via “safe zones” — embedding only in frequency bands that survive compression.
Capacity: ~1KB per minute of CD-quality stereo audio. A 3-minute song holds ~3KB — enough for 50-100 password entries with metadata.
Security layers:
- Master passphrase → key derivation (PBKDF2)
- AES-256-GCM for each password entry
- Optional: decoy entries with different passphrase (plausible deniability)
- Optional: password file can be split across multiple audio files
Implementation
- Core engine: Python (NumPy for audio processing, cryptography for encryption)
- macOS app: Swift + SwiftUI wrapper around Python core via PythonKit
- iOS app: Planned — using Python core compiled as framework
Challenges Solved
Lossy compression survival: MP3 compression destroys LSB data. Solution: embed in spectral “safe zones” — frequency bands that MP3 preserves at high bitrates. Tested against 320kbps MP3 with 95% recovery.
Audio quality preservation: Blind A/B testing with 20 participants. No one could distinguish original from stego audio at standard listening volumes.
Key derivation UX: Master passphrase must be memorable but strong. Used zxcvbn for strength estimation, enforced 50+ bits of entropy minimum.
File management: How do you organize “songs with passwords”? Solution: tags and metadata. Files are normal music library items. The app scans and indexes only those containing the magic header.
Status
- ✅ Core Python engine: encoding, decoding, encryption
- ✅ macOS SwiftUI app: file picker, passphrase entry, password browser
- ✅ Apple Developer Program enrolled
- ✅ TestFlight distribution
- 🔄 iOS port: in planning
- 🔄 Mac App Store submission: preparing
Stack
- Core: Python 3.11, NumPy, scipy, cryptography
- macOS: Swift, SwiftUI, PythonKit
- Testing: pytest, hypothesis (property-based), blind A/B human testing
- Distribution: TestFlight → Mac App Store → iOS App Store
Why This Matters
Security tools that look like security tools are targets. Security tools that look like everyday objects are invisible. This is a proof-of-concept for “security through obscurity done right” — not as the only layer, but as one layer in a defense-in-depth strategy.
Also: it’s just cool. Passwords hidden in music. That’s the kind of project that makes you want to build more.
Audio Password Agent — building since April 2026