strlcat / tfcrypt Goto Github PK
View Code? Open in Web Editor NEWtfcrypt -- high security Threefish encryption tool.
License: Other
tfcrypt -- high security Threefish encryption tool.
License: Other
I have been using this command for generating keyfiles to use with tfcrypt:
sudo cat /dev/hwrng | sksum -D 1024 -n 1000000 -W -l 1024 > ./keyfile
My questions are: Is /dev/hwrng safe for getting random bytes to transform in a key with sksum?
Is this /dev/hwrng the hardware RNG which uses the processor RNG directly?
/dev/hwrng appeared when I installed rng-tools package from the Debian repository, it seems my processor (AMD Ryzen 5 1400) has a built in TRNG.
In cryptsetup (currently 2.4.3) there is an interesting option:
--keyfile-offset value
Skip value bytes at the beginning of the key file. Works with all commands that accept key files.
When used, the program skip X bytes defined by user when reading the key file.
It would be interesting for luring an adversary a little bit when trying to find a valid key for decryption.
I use tfcrypt for generating large keys (up to 1024-bits).
Linux is using Chacha20 CSPRNG in /dev/urandom since version 4.8+:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=818e607b57c94ade9824dad63a96c2ea6b21baf3
http://lkml.iu.edu/hypermail/linux/kernel/1607.3/00275.html
https://lwn.net/Articles/686033/
Chacha20 has a key space of 2^256 and a stream position counter of 2^64.
Does it make tfcrypt weaker when using this new /dev/urandom?
If an adversary could brute-force the entire Chacha20 key space and sweep across all 2^64 positions of its counter, he could guess the key much more easier instead of brute-forcing the entire Threefish key space excepting the tweak (it doesn't add bits of security because once knowing the correct key, calculating a tweak is easy).
I have some questions about Threefish used with OCB mode.
What is its block size? 4096-bytes (128*32) as TF-XTS?
And about its security, does it provide quadratic security? I mean, will it double the bits of security of the encipherment? As I can see a 128-bit chunk is added to the beginning of encrypted file when encrypting with "-c rand" option. If I keep the Threefish key and this data chunk secret, will the security of encryption be increased?
And for counter, what is its size? How many different block can this OCB implementation can encrypt?
And, are this OCB implementation the OCB3? OCB1 and 2 have security issues: https://en.wikipedia.org/wiki/OCB_mode#Attacks
I compiled my tfcrypt with full key option enabled in "tfcrypt_defs.h", I wanna know if the "-R" option uses full key (160 byte chunk) when seeded with a random source.
Hi,
how can I use tfcrypt with ffmpeg in command line / real time?
possible?
thanks
This option is relevant for who uses long passwords.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.