v1.2
This commit is contained in:
@@ -1,81 +0,0 @@
|
|||||||
# Verifiably, Attributably Secure Archives
|
|
||||||
For when you need to distribute information anonymously, but wish to keep it provably full and intact, but _also_ wish to have options to prove attribution.
|
|
||||||
|
|
||||||
## Writeup
|
|
||||||
### Purpose
|
|
||||||
todo
|
|
||||||
### Method
|
|
||||||
todo
|
|
||||||
### Issues
|
|
||||||
- two-way deanonymization is assumed when either method to attribute is used
|
|
||||||
- when sha512 method is used, originator is assumed to be the owner of the ed25519 key and vice versa
|
|
||||||
- any reveal of either signed note or sha512 attribution passphrase, the other is assumed to belong to the same entity
|
|
||||||
- opsec failures can result in two-way deanonymization
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
### Installation
|
|
||||||
todo
|
|
||||||
### Usage
|
|
||||||
todo
|
|
||||||
|
|
||||||
## todo
|
|
||||||
1. x validate attribution thing
|
|
||||||
2. clean up output
|
|
||||||
3. x **fix password audit!**
|
|
||||||
4. x sanity checks
|
|
||||||
5. this README.md
|
|
||||||
6. x the README-instructions.txt and placedment for archive
|
|
||||||
7. x passphrase strength/length checks
|
|
||||||
8. sha256 mode with independant passphrase(?)
|
|
||||||
9. encrypt archive option
|
|
||||||
1. inner
|
|
||||||
1. goes first
|
|
||||||
2. gets passphrase
|
|
||||||
3. tests passphrase
|
|
||||||
4. generates txt file backup
|
|
||||||
5. then tests with passphrase
|
|
||||||
2. outer
|
|
||||||
1. goes second
|
|
||||||
2. gets passphrase
|
|
||||||
3. tests passphrase
|
|
||||||
4. generates txt file backup
|
|
||||||
5. then tests with passphrase
|
|
||||||
10. x random data optional
|
|
||||||
1. x `read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever you please then press any key to continue..."`
|
|
||||||
2. x now only takes up 2Kb!
|
|
||||||
3. x only use 128 bytes (1024 bits) x 2
|
|
||||||
1. x `openssl rand -out "$out_dir/.$RANDOM" 128`
|
|
||||||
2. x `openssl rand -out "$inner_dir/.$RANDOM" 128`
|
|
||||||
3. x `find "$out_dir" -type f -name ".*" -exec chown $USER:$USER "{}" \;`
|
|
||||||
4. x `find "$out_dir" -type f -name ".*" -exec chmod 600 "{}" \;`
|
|
||||||
11. writeup in this README
|
|
||||||
12. usage in this README
|
|
||||||
13. specification definition
|
|
||||||
1. Specification.md
|
|
||||||
14. FileMap.md
|
|
||||||
15. x function: passphrase checkin
|
|
||||||
1. x match
|
|
||||||
2. x pass cracklib-check
|
|
||||||
3. x =>35 chars long
|
|
||||||
4. x pass call to haveibeenpwned.com api
|
|
||||||
16. x exit trap with cleanup
|
|
||||||
|
|
||||||
## Changelog
|
|
||||||
- reduced random data to 2x 10Kb
|
|
||||||
- reduced random data to 2x 1Kb
|
|
||||||
- added password strength check with cracklib-check
|
|
||||||
- cleaned up output
|
|
||||||
- added housekeeping
|
|
||||||
- set perms and ownership on archives and keystore to minimum
|
|
||||||
- shred all erronious files and dirs
|
|
||||||
- cleaned up code
|
|
||||||
- better rng
|
|
||||||
- better passphrase check
|
|
||||||
- checks for exact match
|
|
||||||
- minimum of 35 chars
|
|
||||||
- checks with cracklib-check
|
|
||||||
- checks online with haveibeenpwned.com
|
|
||||||
- bug fixes
|
|
||||||
- random data is now actually optional and is only 128 bytes (1024 bits) and are generated securely
|
|
||||||
- better antiforensics by unsetting vars and cleaning up on exit
|
|
||||||
- actually workan password checks
|
|
||||||
Reference in New Issue
Block a user