Comments (7)
Adding to @kiwivogel and repeating my comment from HN here:
This tool is pretty unsafe and should not be used.
It is simply splitting the key in multiple pieces, thus for every piece you have, you gain additional information about the key, allowing for exponentially easier brute-forcing of the remaining key.
Example: Assume someone creates 3 horcruxes and you can get your hands on 2 of them. This gives you 85 bits of the full 128 bit key, thus you only need to brute force 43 bits for the rest. Of course you don't have the full data anyways, but you still learn about 2/3 of it.
An additional already existing tool is ssss, which uses Shamir's Secret Sharing: http://point-at-infinity.org/ssss/ - or you use what's implemented by HashiCorp.
from horcrux.
@simonerni what are your thoughts on having n separate keys when creating n horcruxes?
from horcrux.
@simonerni I've switched to using n full keys and it didn't have much of a performance cost for large files so I'm happy with that solution. As for Shamir's secret sharing, I'll give that a look.
from horcrux.
I've just downloaded ssss and given it a try. It only works for max 128 character secrets (unless I'm mistaken), whereas the purpose of my program is to encrypt whole files of arbitrary size. You could do a two-step where you use ssss to obtain the secret then another program to encrypt the original file, but my plan was to make the program super easy to use for myself in 20 years' time (which also means no dependencies, but ssss uses GnuPG).
I like the look of Hashicorp's approach, but the interface for those functions requires you have all the bytes you need in memory, which will cause issues for large files. Having said that, I could just change my approach to only do horcrux-y stuff regarding the key, and then use the key to encrypt the same file n times. Issue there being that each of the horcruxes will roughly be the same size as the original file, but I can't think of any way around that if I want to allow for horcrux thresholds (i.e. only requiring 3 out of 5 horcruxes).
I'll see what I can do
from horcrux.
@kiwivogel I've adapted the code (i.e. copied) from where you linked, and it works like a charm :) I believe I've done my due diligence by the Mozilla MPL license (i.e. linking to the original code). Let me know if there's anything here I haven't addressed :)
from horcrux.
> @simonerni what are your thoughts on having n separate keys when creating n horcruxes?

I assume in this scheme, each shard i is encrypted with its key k_i. If you then store the encrypted shard e_i and k_i together, the original shard i is trivially recovered by simply decrypting e_i with k_i again, so you could argue that in this scheme, no encryption is applied at all and the data has only been encoded in a convoluted way.
> but I can't think of any way around that if I want to allow for horcrux thresholds (i.e. only requiring 3 out of 5 horcruxes).

There are erasure codes which allow you to do exactly this. Popular examples are the Reed-Solomon codes, with lots of implementations and even hardware acceleration in certain Intel processors.
from horcrux.
Proper way to do this is create a master key and then split/distribute that using Shamir's I guess.
from horcrux.
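Added example, not code from this thread, from horcrux or from HashiCorp: a minimal Shamir split of a 128-bit master key, the approach recommended in the first and last comments, where fewer than k shares leave every key value equally possible instead of revealing key bits. The names `Split`, `Combine` and `P` and the choice of the prime field 2^521 - 1 are assumptions of this sketch (common implementations work byte-wise over GF(2^8) instead).

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

var P = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1)) // prime 2^521 - 1

// Split hides key as the constant term of a random degree k-1 polynomial mod P; share x is f(x).
func Split(key *big.Int, n, k int) (shares map[int64]*big.Int, err error) {
	if k < 2 || k > n || key.Sign() < 0 || key.Cmp(P) >= 0 {
		return nil, fmt.Errorf("need 2 <= k <= n and 0 <= key < P")
	}
	coef := append([]*big.Int{key}, make([]*big.Int, k-1)...)
	for j := 1; j < k; j++ {
		if coef[j], err = rand.Int(rand.Reader, P); err != nil {
			return nil, err
		}
	}
	shares = map[int64]*big.Int{}
	for x := int64(1); x <= int64(n); x++ {
		shares[x] = new(big.Int)
		for j, y := k-1, shares[x]; j >= 0; j-- { // Horner's rule
			y.Mul(y, big.NewInt(x)).Add(y, coef[j]).Mod(y, P)
		}
	}
	return shares, nil
}

// Combine evaluates the Lagrange interpolation of the given shares at x = 0.
func Combine(shares map[int64]*big.Int) *big.Int {
	sum := new(big.Int)
	for xj, yj := range shares {
		t := new(big.Int).Set(yj) // yj * product over m != j of xm / (xm - xj)
		for xm := range shares {
			if xm != xj {
				t.Mul(t, big.NewInt(xm)).Mul(t, new(big.Int).ModInverse(big.NewInt(xm-xj), P)).Mod(t, P)
			}
		}
		sum.Add(sum, t)
	}
	return sum.Mod(sum, P)
}

func main() {
	s, _ := Split(new(big.Int).SetBytes([]byte("constructed key!")), 5, 3) // constructed 16-byte key
	fmt.Printf("%s\n", Combine(map[int64]*big.Int{1: s[1], 3: s[3], 5: s[5]}).Bytes())
}
```

The file itself would then be encrypted once under the master key with an authenticated cipher; only the key is shared this way.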