This commit is contained in:
2024-09-12 22:58:28 -06:00
parent 638414b873
commit d79c89fd37
4 changed files with 18 additions and 92 deletions
+7 -5
View File
@@ -2,17 +2,19 @@
Silly lil script for using [scrypt](https://github.com/Tarsnap/scrypt), [secure-delete (srm)](https://github.com/BlackArch/secure-delete), and tar to open and close an encrypted (scrypt) and compressed (bz2) and shred (srm) any lingering data immediately.
## Textwall about the frickin thing
Made a silly little little script to actually do encryption and decryption of a directory the way it should be done.
Encryption MY way!
I was totally fucked off by the normie file encryption utilities like Veracrypt,. Cryptomator and `openssl enc` because in practice they have a couple absolutely glaring flaws.
For one, they are STILL using PMDKF2 as the KDF (Key Derivation Function, the algo that deterministically generates the 256-bit key from a passphrase) and the simple truth is that PBDKF2 is criminally outdated and no ever increasing number of iterations into the millions and millions are ever gonna change that.
So, I selected the gigachad KDF, Scrypt to generate the 256-bit key. It features appx.10 billion times the hardware cost to crack vs `openssl enc` it has appx. 20,000 times greater hardware cost to crack vs PBDK2 with any number of iterations, and appx. 4,000 times the hardware cost to crack vs Bcrypt, the algo used to hash Linux passwords.
So, I selected the gigachad KDF, Scrypt to generate the 256-bit key. It features appx. 10 billion times the hardware cost to crack vs `openssl enc` it has appx. 20,000 times greater hardware cost to crack vs PBDK2 with any number of iterations, and appx. 4,000 times the hardware cost to crack vs Bcrypt, the algo used to hash Linux passwords.
Scrypt is stable and solid, and has passed countless rounds of cryptanalysis and revision by Cypherpunks and the wider cryptography community, so it should be quite cryptographically secure.
The oither glaring issue that the normie cryptography utilities had was the fact that when files are moved to the volume, there is no shredding of the "ghost" file at the location it camer from, and in some cases, even left data traes on the disk without securely shredding them to clean up.
The other glaring issue that the normie cryptography utilities had was the fact that when files are moved to the volume, there is no shredding of the "ghost" file at the location it camer from, and in some cases, even left data traes on the disk without securely shredding them to clean up.
To that end, I'm using the secure-delete package to secure wipe any temporary or ghost bytes off the record.
srm is used to delete files and directories immediately upon compl,eting the next step successfully.. smem
hiddencrypto will also have an option to wide empty space on a given disk for convenience.
srm is used to delete files and directories immediately upon compl,eting the next step successfully.
smem is used to wipe unallocated RAM to ensure that no remaning traces of data are left in memory even with a sophisticated memory forensics or cold boot attack.
//todo: There will also have an option to wide empty space on a given disk for convenience.
//todo: A feature that shreds the first 1024 bytes of the encrypted archive so that the data is completely nuked and unrecoverable even with the passphrase. The feature should be easily integrated into other systems such that a nuke order can be executed from any custom event or trigger e.g. Alexa command, key combination on another comptuer, time based dead man's switch, etc.
## Back Up Your Shit
* This script is probably as unstable as I am and will probably end up nuking your files
+4 -4
View File
@@ -21,7 +21,7 @@ encrypty(){
srm -rz $encrypted_volume_name
echo "Wiping deallocated RAM..."
sudo ./.secure-delete/smem -l -v
sudo smem -ll # -ll is a single overwrite mode with 0xFF, single mode used for speed
echo "Success: Encryption Done"
}
@@ -42,7 +42,7 @@ decrypty(){
srm -rz $encrypted_volume_name
echo "Shredding deallocated RAM..."
sudo smem -l
sudo smem -ll # -ll is a single overwrite mode with 0xFF, single mode used for speed
echo "Success: Done"
}
@@ -52,7 +52,7 @@ if [ "$1" = "enc" ]; then
elif [ "$1" = "dec" ]; then
decrypty
elif [ $1 = "install" ]; then
if ! [ -f "$(command -v scrypt)" ] && [ -f "$(command -v tar)" ] && [ -f "$(command -v gcc)" ]; then
if ! [ -f "$(command -v scrypt)" ] && [ -f "$(command -v tar)" ] && [ -f "$(command -v make)" ]; then
echo "Needed Applications Not Found, Installing..."
sudo apt install scrypt secure-delete tar build-essential
echo "Success: Installed"
@@ -68,7 +68,7 @@ elif [ $1 = "install" ]; then
echo "Cleaning Up From Build..."
cd ..
rm -rf /.secure-delete
srm -rz /.secure-delete
echo "Success: secure-delete Installed"
fi
-71
View File
@@ -1,71 +0,0 @@
#!/bin/sh
# fail on error
set -e
dir_to_encrypt=./to_encrypt
encrypted_archive_name=./.volume.bin
encrypted_volume_name=./encrypted_volume.tar.bz2
encrypty(){
echo "Compressing Directory..."
tar cfj $encrypted_volume_name $dir_to_encrypt
# check success of previous or die
echo "Sucesfully Compressed, Shredding Directory..."
./secure-delete/srm -rz $dir_to_encrypt
# check success of previous or die
echo "Successfully Shredded Directory, Encrypting. Please Input Passphrase..."
scrypt enc $encrypted_volume_name $encrypted_archive_name
# check success of previous or die
echo "Successfully Encrypted, Shredding Archive..."
./secure-delete/srm -rz $encrypted_volume_name
# check success of previous or die
echo "Wiping deallocated RAM..."
sudo ./.secure-delete/smem -l -v
echo "Success: Done"
}
decrypty(){
echo "Starting..."
echo "Decrypting. Please Input Passphrase..."
scrypt dec $encrypted_archive_name $encrypted_volume_name
# check success of previous or die
echo "Successfully Decrytped, Shredding Encrypted Archive..."
./.secure-delete/srm -rz $encrypted_archive_name
# check success of previous or die
echo "Successfully Shredded Encrypted Archive, Decompressing..."
tar xfj $encrypted_volume_name
# check success of previous or die
echo "Successfully Decompressed Decrypted Archive, Shredding Decrypted Archive..."
./.secure-delete/srm -rz $encrypted_volume_name
# check success of previous or die
echo "Shredding deallocated RAM..."
sudo ./.secure-delete/smem -l -v
echo "Success: Done"
}
if [ "$1" = "enc" ]; then
encrypty
elif [ "$1" = "dec" ]; then
decrypty
elif [ $1 = "install" ]; then
if ! [ -f "$(command -v scrypt)" ] && [ -f "$(command -v tar)" ] && [ -f "$(command -v make)" ]; then
echo "Needed Applications Not Found, Installing..."
sudo apt install scrypt secure-delete tar build-essential
echo "Success: Installed"
fi
if ! [ -f "./.secure-delete/smem" ]; then
echo "Building Edited secure-delete Utilities..."
cd ./.secure-delete && make
fi
if ! [ -d $dir_to_encrypt ]; then
echo "$dir_to_encrypt Not Found, Creating..."
mkdir $dir_to_encrypt
fi
echo "Success: Ready to use"
else
echo "Usage:\nEncrypt:\n\tsh hiddencrypto.sh enc\nDecrypt:\n\tsh hiddencrypto.sh dec\nInstall:\n\tsh hiddencrypto.sh install"
fi
-5
View File
@@ -1,5 +0,0 @@
srm is from the secure-delete package
srm -rz to_encrypt
srm -rz .volume.bin
srm -rz encrypted_volume.tar.bz2