For those of you who heed warnings: do not use this anywhere, ever.

xkcdcrypt is a proof-of-concept file encryption tool. The concept it intends to demonstrate, in its own small way, is that human-centered design results in higher-security implementations.

Credential stuffing, password spraying, and brute force are all principally mitigated by not asking users to choose the password from which the encryption key is derived. Instead, an XKCD-style passphrase is randomly generated and printed to the terminal after the encrypted copy is created. You can read more about XKCD-style passphrases in XKCD Explained.

The XKCD-style passphrase and a cryptographically random 128-bit salt are fed to the Argon2 key derivation function to derive a 256-bit key. Argon2 summarizes the state of the art in the design of password cracking resistance. You can read more about Argon2 in the Password Hashing Competition.

The 256-bit key is used in AES-SIV encryption and decryption operations. AES-SIV provides nonce-reuse misuse resistance. You can read more about AES-SIV in the miscreant encryption library.

$ xkcdcrypt.py example.txt
Passphrase: correct-horse-battery-staple
example.txt encrypted as example.txt.xc

$ xkcdcrypt.py example.txt.xc
Passphrase: <correct-horse-battery-staple>
example.txt.xc decrypted as example.txt

$ xkcdcrypt.py example/
Passphrase: correct-horse-battery-staple
example encrypted as example.xc

$ xkcdcrypt.py example.xc
Passphrase: <correct-horse-battery-staple>
example.xc decrypted as example
