For those of you who heed warnings: do not use this anywhere, ever.

xkcdcrypt is a proof-of-concept file encryption tool. The concept it intends to demonstrate, in its own small way, is that human-centered design results in more secure implementations: the user is never asked to invent a secret.

Credential stuffing, password spraying, and brute force all exploit passwords that are weak, common, or reused. They are mitigated principally by not tasking users with choosing the password from which the encryption key is derived. Instead, an XKCD-style passphrase is randomly generated and printed to the terminal after the encrypted copy is created, so its strength is a known quantity (number of words times bits per word) rather than a guess about user behaviour. Because the passphrase appears in the clear, the user has to record it and keep it out of terminal scrollback and session logs. You can read more about XKCD-style passphrases in XKCD Explained.

The XKCD-style passphrase and a cryptographically random 128-bit salt are fed to the Argon2 key derivation function to derive a 256-bit key. The salt is not secret, but it has to be stored with the encrypted output so that the same key can be re-derived at decryption time. Argon2, the winner of the Password Hashing Competition, is memory-hard: every guess costs the attacker memory as well as time, which blunts GPU and ASIC cracking. You can read more about Argon2 in the Password Hashing Competition.
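As an added example, written for this page rather than taken from xkcdcrypt, here is how the passphrase and salt generation described above looks in Go: each word is drawn with crypto/rand rather than math/rand, the entropy of the result is computed from the list size and word count, and a fresh 128-bit salt is produced. The 16-word list is constructed for the demo (a real tool would use a published list such as the EFF long list of 7776 words), and the function names are this example's own. The Argon2 step that follows is left out only because Go's standard library has no Argon2; golang.org/x/crypto/argon2 provides argon2.IDKey for it.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// demoWords is a constructed 16-word list for this demo. A real tool uses a
// published list such as the EFF long list (7776 words). The list is public;
// all of the security comes from how the words are chosen, not from the list.
var demoWords = []string{
	"correct", "horse", "battery", "staple", "anchor", "basket", "candle", "dragon",
	"engine", "forest", "garden", "hammer", "island", "jacket", "kettle", "lantern",
}

// randomIndex returns a uniformly distributed index in [0, n) from the OS
// CSPRNG. Using math/rand here would make every passphrase predictable.
func randomIndex(n int) int {
	i, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // no entropy source: stop rather than emit a weak passphrase
	}
	return int(i.Int64())
}

// passphrase draws count words independently (repeats allowed) and joins
// them with sep, e.g. "correct-horse-battery-staple".
func passphrase(words []string, count int, sep string) string {
	out := make([]string, count)
	for i := range out {
		out[i] = words[randomIndex(len(words))]
	}
	return strings.Join(out, sep)
}

// entropyBits is the guessing entropy of count independent uniform draws from
// a list of listLen words: log2(listLen^count) = count * log2(listLen).
func entropyBits(listLen, count int) float64 {
	return float64(count) * math.Log2(float64(listLen))
}

// newSalt returns the fresh 128-bit salt that accompanies the passphrase into
// the key derivation function; it is not secret, but it must be unique.
func newSalt() []byte {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return salt
}

func main() {
	fmt.Println("Passphrase:", passphrase(demoWords, 4, "-"))
	fmt.Printf("4 words from %d: %.1f bits\n", len(demoWords), entropyBits(len(demoWords), 4))
	fmt.Printf("4 words from 7776: %.1f bits\n", entropyBits(7776, 4))
	fmt.Printf("Salt: %x\n", newSalt())
}
```

With the 16 demo words a four-word passphrase is worth only 16 bits, which is why the entropy function is there: the list size, not the word count alone, decides the strength. Four words from a 7776-word list give about 51.7 bits, and the list itself can be public because an attacker gains nothing from knowing which words were available.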

The 256-bit key is used in AES-SIV encryption and decryption operations. AES-SIV (RFC 5297) is a deterministic authenticated encryption mode with nonce-reuse misuse resistance: if a nonce is repeated, or no nonce is used at all, an attacker learns only whether two plaintexts were identical; the contents stay confidential and authenticated. The trade-off is that encrypting the same file twice under the same key produces identical output. You can read more about AES-SIV in the miscreant encryption library.

$ example.txt
Passphrase: correct-horse-battery-staple
example.txt encrypted as example.txt.xc

$ example.txt.xc
Passphrase: <correct-horse-battery-staple>
example.txt.xc decrypted as example.txt

$ example/
Passphrase: correct-horse-battery-staple
example encrypted as example.xc

$ example.xc
Passphrase: <correct-horse-battery-staple>
example.xc decrypted as example


A proof-of-concept file encryption tool for actual humans.