From b27213506db277976ee309249b7dc6067cd9f8c9 Mon Sep 17 00:00:00 2001 From: PrincessPi3 Date: Wed, 28 Jan 2026 16:16:53 -0700 Subject: [PATCH] added switch from sha256/512 to argon2id to next urgent --- Notes-Scratch-Prose.md | 5 +++-- TODO.md | 6 +++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Notes-Scratch-Prose.md b/Notes-Scratch-Prose.md index c4cafb9..3b03bfd 100644 --- a/Notes-Scratch-Prose.md +++ b/Notes-Scratch-Prose.md @@ -1,7 +1,8 @@ # Notes ## Cryptographic Questions -- are any of the sha digests biased or biasable? - - if so, try scrypt or even argon2id? +- ~~are any of the sha digests biased or biasable?~~ + - ~~if so, try scrypt or even argon2id?~~ + - __switching to argon2id__ - are the passphrase or salt settings too high? are they diminishing returns or even counterproductive? - if so, what are some more optimal settings? ## Implementation Questions diff --git a/TODO.md b/TODO.md index 3f9aff2..75594b4 100644 --- a/TODO.md +++ b/TODO.md @@ -1,6 +1,10 @@ +# TODO NEXT (urgent) +- ditch sha256/512 for argon2id with some sensible settings + - sha256/512 is too fast to be robustly secure + # TODO - 7zip compression encrypted/non-encrypted - - `.random_noise.bin` file in public output pre encrypted compress, filled with random binary, to break sig checks if they are in play + - `.$random_hidden_filename` file in public output pre encrypted compress, filled with secure random binary, to break sig checks if they are in play - helper txt - cmds to all-in-one hash checks? - script?