Skip to content

A proof-of-concept file encryption tool for actual humans

Notifications You must be signed in to change notification settings

commit-dkp/xkcdcrypt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

87 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

For those of you who heed warnings: do not use this anywhere, ever.

xkcdcrypt is a proof-of-concept file encryption tool. The concept it intends to demonstrate, in its own small way, is that human-centered design results in higher-security implementations.

Credential stuffing, password spraying, and brute force are all principally mitigated by not tasking users to choose the password from which the encryption key is derived. Instead, a XKCD-style passphrase is randomly generated, and printed to the terminal. You can read more about XKCD-style passphrases in XKCD Explained.

The XKCD-style passphrase and a cryptographically random 128-bit salt are fed to the Argon2 key derivation function to derive a 256-bit key. Argon2 summarizes the state of the art in the design of password cracking resistance. You can read more about Argon2 in the Rust Crypto crate.

The 256-bit key is used in AES-GCM-SIV encryption and decryption operations. AES-GCM-SIV provides nonce reuse misuse resistance. You can read more about AES-GCM-SIV in the Rust Crypto crate.

$ xkcdcrypt example.txt
Passphrase: correct-horse-battery-staple
example.txt encrypted as example.txt.xc

$ xkcdcrypt example.txt.xc
Passphrase: <correct-horse-battery-staple>
example.txt.xc decrypted as example.txt

$ xkcdcrypt example/
Passphrase: correct-horse-battery-staple
example encrypted as example.xc

$ xkcdcrypt example.xc
Passphrase: <correct-horse-battery-staple>
example.xc decrypted as example

About

A proof-of-concept file encryption tool for actual humans

Topics

Resources

Stars

Watchers

Forks

Languages