From be7fb0989d34c8dbe11892230841232db635dc33 Mon Sep 17 00:00:00 2001 From: Alexey Avramov Date: Wed, 16 Oct 2024 22:41:33 +0900 Subject: [PATCH] Update README --- README.md | 44 ++++++++++++-------------------------------- 1 file changed, 12 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index ef13e89..fd04228 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,6 @@ With `tird`, you can: 4. Create [steganographic](https://en.wikipedia.org/wiki/Steganography) (hidden, undetectable) user-driven file systems inside container files and devices. Unlike [VeraCrypt](https://veracrypt.fr) and [Shufflecake](https://shufflecake.net/) containers, `tird` containers do not contain headers at all; the user specifies the location of the data in the container and is responsible for ensuring that this location is separated from the container. 5. Resist [coercive](https://en.wikipedia.org/wiki/Coercion) attacks (keywords: [key disclosure law](https://en.wikipedia.org/wiki/Key_disclosure_law), [rubber-hose cryptanalysis](https://en.wikipedia.org/wiki/Deniable_encryption), [xkcd 538](https://xkcd.com/538/)). `tird` provides some forms of [plausible deniability](https://en.wikipedia.org/wiki/Plausible_deniability) out of the box, even if you encrypt files without hiding them in containers. ---- - ## Goals - **File Protection:** Ensuring protection for individual files, including: @@ -32,8 +30,6 @@ With `tird`, you can: - **Stable Format:** Ensuring a stable encryption format with no [cryptographic agility](https://en.wikipedia.org/wiki/Cryptographic_agility) for long-term data storage. - **Simplicity:** Ensuring simplicity and avoiding [feature creep](https://en.wikipedia.org/wiki/Feature_creep): refusal to implement features that are not directly related to primary security goals. ---- - ## Cryptographic Primitives The following cryptographic primitives are utilized by `tird`: 
@@ -48,16 +44,12 @@ The following cryptographic primitives are utilized by `tird`: For more details, refer to the [specification](https://github.com/hakavlad/tird/blob/main/docs/SPECIFICATION.md). ---- - ## Encrypted File Format Files encrypted with `tird` (cryptoblobs) cannot be distinguished from random data without knowledge of the keys and have no identifiable headers. `tird` produces cryptoblobs that contain bilateral [randomized padding](https://en.wikipedia.org/wiki/Padding_(cryptography)#Randomized_padding) with uniform random data (PURBs). This minimizes metadata leaks from the file format and makes it possible to hide cryptoblobs among other random data. For more details, refer to the [specification](https://github.com/hakavlad/tird/blob/main/docs/SPECIFICATION.md). ---- - ## Hidden User-Driven File System and Container Format You can encrypt files and embed cryptoblobs into containers starting at arbitrary positions. After writing the cryptoblob, you will need to remember its location in the container (the starting and ending positions), which will be used later to extract the cryptoblobs. In this way, you can create a **hidden, headerless, user-driven file system** inside a container: @@ -97,21 +89,25 @@ Any file, disk, or partition larger than ~1 KiB can be a valid container. Crypto +—————————+—————————————+ ``` ---- - ## Usage You don’t need to memorize command-line options to use `tird`. Just start `tird`, select a menu option, and then answer the questions that `tird` will ask: -```bash -$ tird ``` +$ tird -![screenshot: MENU](https://i.imgur.com/h2KG9iy.png) - ---- + MENU + ——————————————————————————————————————————— + 0. Exit 1. Info & Warnings + 2. Encrypt 3. Decrypt + 4. Embed 5. Extract + 6. Encrypt & Embed 7. Extract & Decrypt + 8. Create w/ random 9. Overwrite w/ random + ——————————————————————————————————————————— +[01] Select an option [0-9]: +``` ## Input Options 
@@ -136,8 +132,6 @@ $ tird A detailed description of these options with examples can be found [here](https://github.com/hakavlad/tird/blob/main/docs/INPUT_OPTIONS.md). ---- - ## Debug Mode Start `tird` with the option `--debug` or `-d` to look under the hood while the program is running: @@ -154,8 +148,6 @@ Enabling debug messages additionally shows: - Salts, passphrases, digests, keys, nonces, tags. - Some other information. ---- - ## Documentation - [man page](https://github.com/hakavlad/tird/blob/main/docs/MANPAGE.md) @@ -163,8 +155,6 @@ Enabling debug messages additionally shows: - [Specification](https://github.com/hakavlad/tird/blob/main/docs/SPECIFICATION.md) - [Tutorial](https://github.com/hakavlad/tird/blob/main/docs/tutorial/README.md) ---- - ## Tradeoffs and Limitations - `tird` does not support [public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography). @@ -176,12 +166,10 @@ Enabling debug messages additionally shows: - `tird` does not support low-level device reading and writing when used on MS Windows (devices cannot be used as keyfiles, cannot be overwritten, and cannot be encrypted or hidden). - `tird` does not provide a graphical user interface. - `tird` does not provide a password generator. -- `tird` can handle (encrypt/embed) only one file in one pass. Encryption of directories and multiple files is not supported. +- `tird` cannot handle (encrypt/embed) more than one file in one pass. Encryption of directories and multiple files is not supported. - `tird` does not fake file access, modification, and creation timestamps (atime, mtime, ctime). - `tird`'s encryption speed is not very fast (up to 180 MiB/s in my tests). ---- - ## Warnings - ⚠️ The author does not have a background in cryptography. 
@@ -203,16 +191,12 @@ Enabling debug messages additionally shows: ![Strong encryption, weak password](https://i.imgur.com/onTA8IX.jpeg) ---- - ## Requirements - Python >= 3.9 - [PyCryptodomex](https://pypi.org/project/pycryptodomex/) >= 3.6.2 (provides `ChaCha20`) - [PyNaCl](https://pypi.org/project/PyNaCl/) >= 1.2.0 (provides `BLAKE2` and `Argon2`) ---- - ## Installation ### Installation from PyPI @@ -271,8 +255,6 @@ $ minisign -Vm tird-v0.16.0-linux-amd64.zip -P RWQLYkPbRQ8b56zEe8QdbjLFqC9UrjOa This requires the signature `tird-v0.16.0-linux-amd64.zip.minisig` to be present in the same directory. ---- - ## TODO Write or improve the documentation: @@ -282,8 +264,6 @@ Write or improve the documentation: - Specification - Design Rationale ---- - ## Feedback Please feel free to ask questions, leave feedback, or provide critiques in the [Discussions](https://github.com/hakavlad/tird/discussions) section.
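Review bot: The subject line "Update README" in the commit header does not say what changed, while the hunks carry three separate kinds of edit: removal of the `----` rules between sections, replacement of the MENU screenshot with a text block, and a reworded bullet under Tradeoffs and Limitations. Consider a subject that names them, or splitting the wording change from the layout changes, so that a later reader of the history can find the content change without opening the diff.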
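Review bot: In the Usage hunk (@@ -97,21 +89,25 @@), the pasted menu is a snapshot of program output and will silently go stale when an option is added or renumbered. The block also now opens with the bare three-backtick line that used to close the old `bash` fence, so it carries no language tag. Consider tagging it as `text` or `console` and stating which release the menu was captured from. The rule lines are built from em-dash characters, so it is worth checking that they line up with the option columns in the rendered README's monospace font.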
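Review bot: In the hunk at @@ -154,8 +148,6 @@, the context lines say debug messages show "Salts, passphrases, digests, keys, nonces, tags", and with the `----` rule removed that list runs directly into "## Documentation" with no caution in view. If the Debug Mode section does not already say so outside these lines, add a sentence there that `--debug` output contains secret material and should not be logged, pasted into bug reports, or shown on a shared terminal when real passphrases or keyfiles are in use.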
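Review bot: In the Tradeoffs and Limitations hunk (@@ -176,12 +166,10 @@), the reworded bullet "`tird` cannot handle (encrypt/embed) more than one file in one pass." now overlaps with the sentence that follows it on the same line, "Encryption of directories and multiple files is not supported." The negative form matches the neighbouring "does not" bullets, which is an improvement, but the two sentences could be merged into one statement that covers multiple files and directories together.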