Skip to content
A proof-of-concept file encryption tool for actual humans.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

For those of you who heed warnings: do not use this anywhere, ever.

xkcdcrypt is a proof-of-concept file encryption tool. The concept it intends to demonstrate, in it's own small way, is that human-centered design results in higher-security implementations.

Credential stuffing, password spraying, and brute force are all principally mitigated by not tasking users to choose the password from which the encryption key is derived. Instead, a XKCD-style passphrase is randomly generated, and printed to the terminal after the encrypted copy is created. You can read more about XKCD-style passphrases in XKCD Explained.

The XKCD-style passphrase and a cryptographically random 128-bit salt are fed to the Argon2 key derivation function to derive a 256-bit key. Argon2 summarizes the state of the art in the design of password cracking resistance. You can read more about Argon2 in the Password Hashing Competition.

The 256-bit key is used in AES-SIV encryption and decryption operations. AES-SIV provides nonce reuse misuse resistance. You can read more about AES-SIV in the miscreant encryption library.

$ example.txt
Passphrase: correct-horse-battery-staple
example.txt encrypted as example.txt.xc

$ example.txt.xc
Passphrase: <correct-horse-battery-staple>
example.txt.xc decrypted as example.txt

$ example/
Passphrase: correct-horse-battery-staple
example encrypted as example.xc

$ example.xc
Passphrase: <correct-horse-battery-staple>
example.xc decrypted as example
You can’t perform that action at this time.