81 lines
2.7 KiB
Markdown
81 lines
2.7 KiB
Markdown
# Verifiably, Attributably Secure Archives
|
|
For when you need to distribute information anonymously, but wish to keep it provably full and intact, but _also_ wish to have options to prove attribution.
|
|
|
|
## Writeup
|
|
### Purpose
|
|
todo
|
|
### Method
|
|
todo
|
|
### Issues
|
|
- two-way deanonymization is assumed when either method to attribute is used
|
|
- when sha512 method is used, originator is assumed to be the owner of the ed25519 key and vice versa
|
|
- any reveal of either signed note or sha512 attribution passphrase, the other is assumed to belong to the same entity
|
|
- opsec failures can result in two-way deanonymization
|
|
|
|
## Usage
|
|
### Installation
|
|
todo
|
|
### Usage
|
|
todo
|
|
|
|
## todo
|
|
1. x validate attribution thing
|
|
2. clean up output
|
|
3. x **fix password audit!**
|
|
4. x sanity checks
|
|
5. this README.md
|
|
6. x the README-instructions.txt and placedment for archive
|
|
7. x passphrase strength/length checks
|
|
8. sha256 mode with independant passphrase(?)
|
|
9. encrypt archive option
|
|
1. inner
|
|
1. goes first
|
|
2. gets passphrase
|
|
3. tests passphrase
|
|
4. generates txt file backup
|
|
5. then tests with passphrase
|
|
2. outer
|
|
1. goes second
|
|
2. gets passphrase
|
|
3. tests passphrase
|
|
4. generates txt file backup
|
|
5. then tests with passphrase
|
|
10. x random data optional
|
|
1. x `read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever you please then press any key to continue..."`
|
|
2. x now only takes up 2Kb!
|
|
3. x only use 128 bytes (1024 bits) x 2
|
|
1. x `openssl rand -out "$out_dir/.$RANDOM" 128`
|
|
2. x `openssl rand -out "$inner_dir/.$RANDOM" 128`
|
|
3. x `find "$out_dir" -type f -name ".*" -exec chown $USER:$USER "{}" \;`
|
|
4. x `find "$out_dir" -type f -name ".*" -exec chmod 600 "{}" \;`
|
|
11. writeup in this README
|
|
12. usage in this README
|
|
13. specification definition
|
|
1. Specification.md
|
|
14. FileMap.md
|
|
15. x function: passphrase checkin
|
|
1. x match
|
|
2. x pass cracklib-check
|
|
3. x =>35 chars long
|
|
4. x pass call to haveibeenpwned.com api
|
|
16. x exit trap with cleanup
|
|
|
|
## Changelog
|
|
- reduced random data to 2x 10Kb
|
|
- reduced random data to 2x 1Kb
|
|
- added password strength check with cracklib-check
|
|
- cleaned up output
|
|
- added housekeeping
|
|
- set perms and ownership on archives and keystore to minimum
|
|
- shred all erronious files and dirs
|
|
- cleaned up code
|
|
- better rng
|
|
- better passphrase check
|
|
- checks for exact match
|
|
- minimum of 35 chars
|
|
- checks with cracklib-check
|
|
- checks online with haveibeenpwned.com
|
|
- bug fixes
|
|
- random data is now actually optional and is only 128 bytes (1024 bits) and are generated securely
|
|
- better antiforensics by unsetting vars and cleaning up on exit
|
|
- actually workan password checks |