mirror of
https://github.com/HACKERALERT/Picocrypt.git
synced 2024-11-10 04:48:01 +00:00
Add keyfile explanation
parent
1d2f2900cf
commit
85f908e50f
1 changed files with 14 additions and 4 deletions
18
Internals.md
|
@ -3,9 +3,19 @@ If you're wondering about how Picocrypt handles cryptography, you've come to the
|
||||||
|
|
||||||
# Core Cryptography
|
# Core Cryptography
|
||||||
Picocrypt uses the following cryptographic primitives:
|
Picocrypt uses the following cryptographic primitives:
|
||||||
- XChaCha20 (cascaded with Serpent for paranoid mode)
|
- XChaCha20 (cascaded with Serpent-CTR for paranoid mode)
|
||||||
- HMAC-SHA3 for normal mode, keyed-BLAKE2b for fast mode (256-bit key, 512-bit digest)
|
- HMAC-SHA3 for normal annd paranoid mode, keyed-BLAKE2b for fast mode (256-bit key, 512-bit digest)
|
||||||
- HKDF-SHA3-256 for deriving a subkey used with the MAC above
|
- HKDF-SHA3-256 for deriving a subkey used with the MAC above, as well as a key for Serpent
|
||||||
- Argon2id (8 passes, 1 GiB memory, 8 threads) for normal mode, (4 passes, 128 MiB memory, 4 threads) for fast mode
|
- Argon2id:
|
||||||
|
- Fast mode: 4 passes, 128 MiB memory, 4 threads
|
||||||
|
- Normal mode: 4 passes, 1 GiB memory, 4 threads
|
||||||
|
- Paranoid mode: 8 passes, 1 GiB memory, 8 threads
|
||||||
|
|
||||||
All primitives used are from the well-known golang.org/x/crypto module.
|
All primitives used are from the well-known golang.org/x/crypto module.
|
||||||
|
|
||||||
|
# Keyfile Design
|
||||||
|
Picocrypt allows the use of keyfiles as an additional (or only) form of authentication. Picocrypt's unique "Require correct order" feature enforces the user to drop keyfiles into the window in the exact same order as he/she did when encrypting, in order to decrypt the volume successfully. Here's how it works:
|
||||||
|
|
||||||
|
If "Require correct order" is not checked, Picocrypt will take the SHA3 hash of each file individually, and XORs the hashes together. Finally, the result is XORed to the master key. Because the XOR operation is both commutative and associative, the order in which the keyfiles hashes are XORed to each other doesn't matter -- the end result is the same.
|
||||||
|
|
||||||
|
If "Require correct order" is checked, Picocrypt will combine (concatenate) the files together in the order they were dropped into the window, and take the SHA3 hash of combined keyfiles. If the order is not correct, the keyfiles, when appended to each other, will result in a different file, and therefore a different hash. Thus, the correct order of keyfiles has been enforced.
|
||||||
|
|
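Review bot: In the added "Keyfile Design" section, the unordered mode XORs the per-file SHA3 hashes together, so a keyfile supplied twice cancels itself out and contributes nothing to the master key; the text should say so, or say that duplicate keyfiles are rejected if that is the case. The ordered-mode paragraph claims a wrong order always yields a different concatenation, but plain concatenation does not bind file boundaries: keyfiles containing "x" and "xx" produce the same bytes in either order, so the sentence should be qualified, or the description changed to hashing each file and then hashing the ordered list of digests. The section also does not say which SHA3 output length is used or how it lines up with the master key it is XORed into. Separately, the HMAC-SHA3 line has a typo ("annd"), "keyfiles hashes" should read "keyfile hashes", and the Argon2id normal-mode parameters change from 8 passes and 8 threads to 4 passes and 4 threads, which the commit message "Add keyfile explanation" does not mention; please note whether that is a documentation correction or a parameter change.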