added switch from sha256/512 to argon2id to next urgent
This commit is contained in:
@@ -1,7 +1,8 @@
|
|||||||
# Notes
|
# Notes
|
||||||
## Cryptographic Questions
|
## Cryptographic Questions
|
||||||
- are any of the sha digests biased or biasable?
|
- ~~are any of the sha digests biased or biasable?~~
|
||||||
- if so, try scrypt or even argon2id?
|
- ~~if so, try scrypt or even argon2id?~~
|
||||||
|
- __switching to argon2id__
|
||||||
- are the passphrase or salt settings too high? are they diminishing returns or even counterproductive?
|
- are the passphrase or salt settings too high? are they diminishing returns or even counterproductive?
|
||||||
- if so, what are some more optimal settings?
|
- if so, what are some more optimal settings?
|
||||||
## Implementation Questions
|
## Implementation Questions
|
||||||
|
|||||||
@@ -1,6 +1,10 @@
|
|||||||
|
# TODO NEXT (urgent)
|
||||||
|
- ditch sha256/512 for argon2id with some sensible settings
|
||||||
|
- sha256/512 is too fast to be robustly secure
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
- 7zip compression encrypted/non-encrypted
|
- 7zip compression encrypted/non-encrypted
|
||||||
- `.random_noise.bin` file in public output pre encrypted compress, filled with random binary, to break sig checks if they are in play
|
- `.$random_hidden_filename` file in public output pre encrypted compress, filled with secure random binary, to break sig checks if they are in play
|
||||||
- helper txt
|
- helper txt
|
||||||
- cmds to all-in-one hash checks?
|
- cmds to all-in-one hash checks?
|
||||||
- script?
|
- script?
|
||||||
|
|||||||
Reference in New Issue
Block a user