jesseduffield / horcrux Goto Github PK
View Code? Open in Web Editor NEWSplit your file into encrypted fragments so that you don't need to remember a passcode
License: MIT License
Split your file into encrypted fragments so that you don't need to remember a passcode
License: MIT License
I don't know if it was intentional. I checked the commit log and it looks like the changes were functional.
Could you upload the package to chocolatey? Thanks
None of the examples explain how to get your soul into the computer so you can put it into the horcrux.
作者好,请问是否考虑在 release 中也提供适用 darwin arm64 的版本?
我们现在正开发 x-cmd,尝试以 portable 方式提供大量的二进制工具,比如x-cmd pkg | horcrux
在使用 horcrux 的过程中,我们发现 release 中缺少 darwin arm64 版本,一般我们希望以作者作为二进制可信源头,这样可以减少自行编译可能给用户带来的未知问题。
谢谢。
It has indicated go-sssa in the comparison table that is not vulnerable to side channels attack:
https://github.com/dsprenkels/sss/blob/master/README.md#comparison-of-secret-sharing-libraries
The current implementation of the program appears to copy the encrypted file into each horcrux, which becomes pretty storage intensive with a larger file and more horcruxes.
n is the number of horcruxes, t the number needed to ressurect, s is size of the file, t ≤ n
Reed-solomon encoding can split the original file into n pieces, each piece has a size of s/t. Any combination of t pieces can be used to recreate the original file.
So the total space used by the horcruxes would be n*(s/t) instead of n*s.
This should also ensure the integrity of the data as the reconstruction of the file should fail if a piece is modified.
If I run horcrux -t 3 -n 5 split diary.txt
I get five .horcruxes, and each one contains
# THIS FILE IS A HORCRUX.
# IT IS ONE OF 5 HORCRUXES THAT EACH CONTAIN PART OF AN ORIGINAL FILE.
# THIS IS HORCRUX NUMBER 1.
# IN ORDER TO RESURRECT THIS ORIGINAL FILE YOU MUST FIND THE OTHER 4 HORCRUX(ES) AND THEN BIND THEM USING THE PROGRAM FOUND AT THE FOLLOWING URL
# https://github.com/jesseduffield/horcrux
-- HEADER --
[...]
-- BODY --
[...]
It says I must need this horcrux plus other four to resurrect the original file, while If I delete three horcruxes, ./horcrux bind .
returns
You do not have all the required horcruxes. There are 3 required to resurrect the original file. You only have 2
saying that I need at least (only) three horcruxes
Is this a feature? ; )
EDIT: I also noticed a t>n error:
.horcrux -n 5 split diary.txt
and enter t=99 I get the following message. Should the interval be "[2-5]" instead of "(2-99)"?How many horcruxes should be required to reconstitute the original file? If you require all horcruxes, the resulting files will take up less space, but it will feel less magical (2-99): 99
parts cannot be less than threshold
.horcrux -t 5 split diary.txt
and enter n=3 I get an error. Should the interval be "[5-inf]" instead of "(2-99)"?How many horcruxes do you want to split this file into? (2-99): 3
parts cannot be less than threshold
Unrelated request, is it possible to add armv7h
to the list of pre-released binaries?
The project uses an un-verified secret sharing scheme for the key, which can be sufficient given an appropriate thread model. But it should be detectable if the either the data or the key has been tampered with (of course, replacing them altogether is still possible, but the problem of authenticity is not tackled at all in this project, which again is ok for this project).
However, unauthenticated OFB encryption is used (essentially a stream cipher), which allows for arbitrary bitwise flips of the plaintext and is undetectable by this library.
Countermeasures:
It's no issue at the moment, as each key is only used once, but please use a random IV as well.
Maybe due to the latest release of GoReleaser (v1.20.0), the workflow "ci" is broken.
It's prefer to set number of files to be split as argument Instead of a question.
-number 33
Or it's a malformed documentation and it's right to use options after split
subcommand? I am asking as providing options before subcommand when they are not global is the bad idea: subcommand is like some sort of namespace which allows us access just some options and not all at once not to have a big mess.
[maus@lolcat bind]$ tree
.
├── folder
│ ├── split_1_of_3.horcrux
│ ├── split_2_of_3.horcrux
│ └── split_3_of_3.horcrux
└── horcrux
1 directory, 4 files
[maus@lolcat bind]$ ./horcrux bind folder/
2020/07/13 08:49:03 open split_1_of_3.horcrux: no such file or directory
How do I solve this Problem?
Thanks!
I'd like to customize the horcrux filenames using some format strings.
It does not need to be very flexible. Just some flexibility would be good enough.
Would be helpful to have a the standard -v / --version
flag, to show version and exit with a zero exit code.
One of the properties described at https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing is that SSS is "Minimal: The size of each piece does not exceed the size of the original data."
However, looking at the examples, each piece is 2.23 KB, larger than the original 1.75 KB.
Is that discrepancy an indication of a bug somewhere?
To guarantee the ability to recreate the original file from the horcruxes in the event that this repo would become lost there should be an option for the tool to return binary horcruxes that when executed run the horcrux program. Think like self extracting zip files in exe format.
So I can execute ./horcrux1 bind horcrux2 horcrux3
and recover the original file.
You could also look at implementing Shamir's so that you can create more parts but don't need all of them. Might be a fun project.
Could probably just import this library and use the split method if you want to be lazy about it :P
https://github.com/hashicorp/vault/blob/master/shamir/shamir.go
https://github.com/xkortex/passcrux
This town ain't big enough for two Harry-Potter-influenced Hashicorp-SSS-based data-splitting applications written in Golang...
So, wanna join forces?
:)
(Obviously, there's more than enough room in cyberspace, just was quoting the old spaghetti western trope :) )
Hi mate,
It seems the hashes are different to the ones listed. I'm very new to Github and development.
Can you please upload the current hashes?
Apologies in advance if I haven't understood something about the process.
Cheers
For users who want to require exactly N of N keys, XOR would be the safest, most performant, most reliable option.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.