Skip to content

Commit

Permalink
Update README
Browse files Browse the repository at this point in the history
  • Loading branch information
@hakavlad
hakavlad committed Jan 16, 2024
1 parent f0cdc00 commit 7b6bc99
Showing 1 changed file with 6 additions and 24 deletions.
30 changes: 6 additions & 24 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,28 +10,6 @@

![screenshot: menu](https://i.imgur.com/T5gXTko.png)

## Features

- `tird` is a single Python module with no external dependencies (uses `hashlib` module from the standard library for keyfile hashing, keys derivation and for encryption).
- `tird` has no config file and no command line options (except `-d/--debug`). Looking at the shell history will not provide information on how `tird` was used.
- The result of encryption (mode 2) is [PURB](https://en.wikipedia.org/wiki/PURB_(cryptography))-like objects (call this "cryptoblob").
- Cryptoblobs are indistinguishable from random data.
- `tird` uses [randomized padding](https://en.wikipedia.org/wiki/Padding_(cryptography)#Randomized_padding) with max size up to 20% (by default) of the message size.
- `tird` allows you to hide cryptoblobs among other random data (mode 6), use arrays of any other random data as containers for hiding cryptoblobs. Thus, deniable encryption is implemented.
- Auxiliary modes (8 and 9) allow you to create arrays of random data: create files with random data (mode 8) and overwrite files or devices with random data (mode 9) for subsequent hiding of cryptoblobs.
- `tird` supports an unlimited number of passphrases and keyfiles for encryption.
- Directories and devices can also be used as keys.
- `tird` allows you to add comments (description) and an authentication tag to the encrypted file contents.
- Any file larger than a certain minimum size is a valid `tird` cryptoblob: the use of any keys when decrypting will give some output with the result `completed successfully`.
- `tird` only provides symmetric encryption with stream cipher based on XORing plaintext with keystream blocks.
- SHAKE256 XOF output is used to create keystream blocks.
- When encrypting, you can set custom values: randomized padding max %, catpig memory-hard function space and time, and optionally add fake authentication tag.
- `tird` can also be called software for steganography: a cryptoblob can be written over a flash drive or disk. Then the existence of a cryptoblob cannot be detected without statistical analysis to identify areas of high entropy (even this will only suspect, not prove the existence of a cryptoblob).
- If random data is encrypted with default options (without MAC and comments specified), then it is impossible to prove that this or that key was used for encryption: the decryption result will always be random data.
- `tird` does not force you to use any standard extension for output file names. The name of the output file is always set by the user.
- Keyed `BLAKE2b` is used for creating message authentication code (MAC is added by default and can be optionally faked). Adding a MAC will help you check the integrity of the data when decrypting.
- `tird` does not provide reliable data on whether the entered dectyption keys are correct. This is based on the fact that adding an authentication tag is optional. If a MAC was added during encryption, then when using the correct key, it can be reported "authentication failed!" and "completed successfully". If the MAC was not added during encryption (this is the default behavior), then the only way to find out to pick up the correct key is to statistically analyze the output files.

## Cryptoblob structure
```
512B 0+B
Expand Down Expand Up @@ -59,7 +37,7 @@
- `tird` does not wipe sensitive data from the heap.
- `tird` can only encrypt one file per iteration. Encryption of directories and multiple files is not supported.
- `tird` does not fake file timestamps (atime, mtime, ctime).
- `tird` encryption/decryption speed is not very fast: up to 186 MiB/s.
- `tird` encryption speed is not very fast: up to 186 MiB/s (in my tests).

## Warnings

Expand Down Expand Up @@ -101,9 +79,13 @@ $ tird
$ pip install tird
```

## TODO

Write docs.

## Feedback

Test reports are welcome. Feel free to post any questions, feedback or criticisms to the [Issues](https://github.com/hakavlad/tird/issues).
Test reports are welcome. Feel free to post any questions, feedback or criticisms to the [Discussions](https://github.com/hakavlad/tird/discussions).

## License

Expand Down

0 comments on commit 7b6bc99

Please sign in to comment.