updooted stuffs to add memory shreddannn

This commit is contained in:
2024-09-12 21:52:48 -06:00
parent b70c3cc0c4
commit c41d5ab89e
2 changed files with 28 additions and 6 deletions
+13
View File
@@ -1,6 +1,19 @@
# hiddencrypto
Silly lil script for using [scrypt](https://github.com/Tarsnap/scrypt), [secure-delete (srm)](https://github.com/BlackArch/secure-delete), and tar to open and close an encrypted (scrypt) and compressed (bz2) and shred (srm) any lingering data immediately.
## Textwall about the frickin thing
Made a silly little little script to actually do encryption and decryption of a directory the way it should be done.
I was totally fucked off by the normie file encryption utilities like Veracrypt,. Cryptomator and `openssl enc` because in practice they have a couple absolutely glaring flaws.
For one, they are STILL using PMDKF2 as the KDF (Key Derivation Function, the algo that deterministically generates the 256-bit key from a passphrase) and the simple truth is that PBDKF2 is criminally outdated and no ever increasing number of iterations into the millions and millions are ever gonna change that.
So, I selected the gigachad KDF, Scrypt to generate the 256-bit key. It features appx.10 billion times the hardware cost to crack vs `openssl enc` it has appx. 20,000 times greater hardware cost to crack vs PBDK2 with any number of iterations, and appx. 4,000 times the hardware cost to crack vs Bcrypt, the algo used to hash Linux passwords.
Scrypt is stable and solid, and has passed countless rounds of cryptanalysis and revision by Cypherpunks and the wider cryptography community, so it should be quite cryptographically secure.
The oither glaring issue that the normie cryptography utilities had was the fact that when files are moved to the volume, there is no shredding of the "ghost" file at the location it camer from, and in some cases, even left data traes on the disk without securely shredding them to clean up.
To that end, I'm using the secure-delete package to secure wipe any temporary or ghost bytes off the record.
srm is used to delete files and directories immediately upon compl,eting the next step successfully.. smem
hiddencrypto will also have an option to wide empty space on a given disk for convenience.
## Back Up Your Shit
* This script is probably as unstable as I am and will probably end up nuking your files
* If you lose your passphrase or type it in wrong twice on encryption, your data has gone bye bye
+15 -6
View File
@@ -12,14 +12,16 @@ encrypty(){
tar cfj $encrypted_volume_name $dir_to_encrypt
# check success of previous or die
echo "Sucesfully Compressed, Shredding Directory..."
srm -rz $dir_to_encrypt
./secure-delete/srm -rz $dir_to_encrypt
# check success of previous or die
echo "Successfully Shredded Directory, Encrypting. Please Input Passphrase..."
scrypt enc $encrypted_volume_name $encrypted_archive_name
# check success of previous or die
echo "Successfully Encrypted, Shredding Archive..."
srm -rz $encrypted_volume_name
./secure-delete/srm -rz $encrypted_volume_name
# check success of previous or die
echo "Shredding deallocated RAM..."
./secure-delete/smem -l
echo "Success: Done"
}
@@ -29,13 +31,13 @@ decrypty(){
scrypt dec $encrypted_archive_name $encrypted_volume_name
# check success of previous or die
echo "Successfully Decrytped, Shredding Encrypted Archive..."
srm -rz $encrypted_archive_name
./secure-delete/srm -rz $encrypted_archive_name
# check success of previous or die
echo "Successfully Shredded Encrypted Archive, Decompressing..."
tar xfj $encrypted_volume_name
# check success of previous or die
echo "Successfully Decompressed Decrypted Archive, Shredding Decrypted Archive..."
srm -rz $encrypted_volume_name
./secure-delete/srm -rz $encrypted_volume_name
# check success of previous or die
echo "Success: Done"
}
@@ -45,12 +47,19 @@ if [ "$1" = "enc" ]; then
elif [ "$1" = "dec" ]; then
decrypty
elif [ $1 = "install" ]; then
if ! [ -f "$(command -v scrypt)" ] && [ -f "$(command -v srm)" ] && [ -f "$(command -v tar)" ]; then
if ! [ -f "$(command -v scrypt)" ] && [ -f "$(command -v tar)" ] && [ -f "$(command -v make)" ]; then
echo "Needed Applications Not Found, Installing..."
sudo apt install scrypt secure-delete tar
sudo apt install scrypt secure-delete tar build-essential
echo "Success: Installed"
fi
if ! [ -d "./secure-delete" ]; then
git clone https://github.com/BlackArch/secure-delete.git
cd secure-delete
sed -i -e 's/-mpreferred-stack-boundary=2//g' Makefile
make > /dev/null
fi
if ! [ -d $dir_to_encrypt ]; then
echo "$dir_to_encrypt Not Found, Creating..."
mkdir $dir_to_encrypt