Technical overview

High-level description of how Hider — Image Scrambler processes images on your PC. This is not a formal cryptographic specification.

What the app does

Hider — Image Scrambler rearranges pixels in an image using an order derived from your password. The file stays a valid PNG, JPEG or WEBP with the same dimensions; visually it looks like noise until you decrypt with the same password. No separate key file or metadata block is added—the password is the secret.

SHA-256 and pixel permutation

Your password is hashed with SHA-256 to produce a 256-bit value. That value seeds a deterministic pseudo-random sequence used to compute a permutation of all pixel positions (a bijection: each source pixel maps to exactly one destination slot).

Encryption applies this permutation to RGB(A) pixel data; decryption applies the inverse permutation. Anyone who does not know the password cannot recover the original ordering without guessing the password.

This is not the same as AES-style byte encryption of the file payload; it is position scrambling of pixels. Strength depends strongly on password choice and threat model.

Wrong password behaviour

If you decrypt with a different password, the app still produces a valid image: another deterministic scramble, not an error dialog. That avoids leaking hints to someone trying many passwords.

PNG, JPEG & WEBP

Supported inputs are PNG, JPEG and WEBP. PNG and WEBP are saved losslessly in their original format, preserving every pixel for perfect decryption. JPEG input is saved as PNG, because re-encoding JPEG is lossy and would corrupt the exact pixel values decryption depends on. Avoid re-saving encrypted files through other tools if you need decryption to remain reliable.

Double-layer encryption

You can encrypt twice with two different passwords and decrypt in reverse order. Each layer applies its own permutation derived from its password.

Operational limits

  • Dimensions must stay identical. Resizing, cropping, or recompression that changes pixel dimensions or destroys exact pixel values can make decryption irreversible.
  • Offline core: Encrypt/decrypt runs locally; opening external links (e.g. from About) uses your browser separately.
  • No cloud recovery: If you lose the password, the image cannot be restored.

For product FAQs, see the home page FAQ.