Comments (2)
The reason for the memory usage spike is that passphrase encryption is intentionally memory-hard, to help make the passphrase difficult to brute-force. Rather than trying to use the same passphrase on every file, I'd recommend a tiered approach:
- Generate an age identity and recipient for the user.
- Encrypt the age identity using an age passphrase.
Individual files are encrypted to the user's age recipient, and the encrypted files are uploaded along with the encrypted identity. As a neat side-effect, the user doesn't need their passphrase to encrypt their files (but if you wanted this to be "required" then just don't store the age recipient, requiring the user to download and decrypt their age identity to re-derive the recipient).
To decrypt multiple files, the user first downloads and decrypts their age identity using their passphrase, and then uses that to decrypt the individual files. The memory-hard step then only happens once, no matter how many files are being decrypted. Once finished, the user can forget about the age identity, because they can always re-download and re-decrypt as long as they remember their passphrase.
from rage.
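The tiered scheme described in the comment above, sketched with the rage CLI as an added example (not code from the rage project or from either commenter). The file names `identity.age` and `recipient.txt` and the three function names are assumptions.

```shell
# Added example, not code from the rage project. Assumed layout: each user
# directory holds identity.age (passphrase-wrapped) and recipient.txt.

# One-time setup: generate an identity, keep its recipient in the clear,
# and store the identity itself only in passphrase-encrypted form.
setup_identity() {
    local dir="$1" tmp rc=0
    tmp=$(mktemp) || return 1            # mktemp creates the file with mode 0600
    if rage-keygen > "$tmp"; then
        # rage-keygen records the recipient as a "# public key: age1..." comment
        sed -n 's/^# public key: //p' "$tmp" > "$dir/recipient.txt"
        rage -p -o "$dir/identity.age" "$tmp" || rc=$?   # prompts for the passphrase
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Per-file encryption needs only the recipient: no passphrase, no scrypt.
encrypt_file() {
    local dir="$1" file="$2"
    rage -r "$(cat "$dir/recipient.txt")" -o "$file.age" "$file"
}

# Batch decryption: unwrap the identity once (the only memory-hard step),
# then reuse it for every file given as an argument.
decrypt_all() {
    local dir="$1" id f rc=0
    shift
    id=$(mktemp) || return 1
    if rage -d "$dir/identity.age" > "$id"; then     # single passphrase prompt
        for f in "$@"; do
            rage -d -i "$id" -o "${f%.age}" "$f" || rc=$?
        done
    else
        rc=1
    fi
    rm -f "$id"                          # plaintext identity is not kept around
    return "$rc"
}
```

The decrypted identity exists on disk only for the duration of `decrypt_all`; pointing `TMPDIR` at a RAM-backed filesystem keeps it off persistent storage.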
Thanks! Your approach seems reasonable :)