(Not sure if submitting an issue is the right place to ask this, feel free to direct me elsewhere)
I'm trying to understand what the purpose of a separate key is in the implementation of tomb. The README states that "one always needs both the tomb and the key, plus its password, to access [the data in the tomb]." Does this mean that if the attacker has both the secret.tomb file and the secret.tomb.key file but not the password, they would still be unable to access the data?
The reason I'm confused by this is that if this were true couldn't we store the key and the .tomb file as one combined file? For example we could use the first X bytes to store the key. Then the command
tomb dig -s 100 secret.tomb
could ask for the password directly, automatically generate the secret.tomb.key and append it to the secret.tomb file. The steps of
wouldn't be needed anymore. That would simplify the workflow for users, so I assume there's a reason we store the .tomb.key separately. Is there a security reason we store the key separately from the secret.tomb file or am I missing something?
Thanks!
dyne
locked and limited conversation to collaborators
Nov 27, 2022