Hide your secrets in the slop
Need a secret? Generate one here, or load an existing one.
Paste the secret blob you received + enter the password.
You know how AI generates endless streams of generic text? Blog posts, emails, essays about nothing? That's slop.
We weaponized it.
SlopCrypt hides your secret messages inside AI-generated text. The cover text looks like normal LLM output, but each word encodes a few bits of your encrypted payload.
Using arithmetic coding, each token encodes a variable number of bits based on the model's probability distribution. Higher entropy contexts encode more bits; low entropy tokens (where the model is very confident) can be skipped entirely for more natural text.
Your message is protected by multiple layers:
Even if someone suspects the text contains a message, they can't extract it without your secret + password.
Frequency analysis? Never heard of her.
This is an experimental project that has not been audited by security professionals. The cryptographic primitives (AES-256-GCM, PBKDF2) are standard, but the overall system design hasn't been vetted. Don't rely on this if your life or liberty depends on it.
Everything runs in your browser. The LLM runs locally via WebAssembly—your messages, secrets, and cover text never leave your device. No servers, no tracking, no trust required.
The model (~150MB) is downloaded once and cached in your browser. After that, it's all local, all the time.
Q: Do I need to load a model?
A: Yes! Select a model from the dropdown and click "Load Model". Both sender and receiver must use the same model. There's also a mock client for testing the UI.
Q: Which model should I use?
A: It depends on your priorities:
• SmolLM2-135M (~150MB) — Fastest, but output looks more "sloppy"
• SmolLM2-360M (~380MB) — Better quality, still quick
• Qwen2.5-0.5B (~530MB) — Good balance of quality and speed
• SmolLM2-1.7B (~1.8GB) — Best quality, but slower and uses more RAM
Larger models produce more natural-sounding text. Smaller K values (like K=4) also improve quality but reduce encoding density.
Q: How do I share the secret with someone?
A: Generate a secret, copy the blob, and send it + the password through a secure channel (Signal, encrypted email, etc.). They'll paste it in to decode your messages.
Q: Why "slop"?
A: It's internet slang for low-quality AI-generated content. We're reclaiming it for good (or at least for fun).
Q: Has this been security audited?
A: No. This is an experimental project that hasn't been reviewed by security professionals. Don't rely on it if your life or liberty depends on it. The cryptographic primitives (AES-256-GCM, PBKDF2) are standard, but the overall system hasn't been vetted.
Q: Who made this?
A: This was vibecoded—a human mass-produced tokens with Claude until something useful fell out. The LLM stared into the abyss of token probabilities, and the abyss stared back. We're just being honest about our slop-making process.
Academic papers and implementations we learned from: