diff --git a/README.md b/README.md index a35ffa1..3511b4f 100644 --- a/README.md +++ b/README.md @@ -10,28 +10,6 @@ ![screenshot: menu](https://i.imgur.com/T5gXTko.png) -## Features - -- `tird` is a single Python module with no external dependencies (uses `hashlib` module from the standard library for keyfile hashing, keys derivation and for encryption). -- `tird` has no config file and no command line options (except `-d/--debug`). Looking at the shell history will not provide information on how `tird` was used. -- The result of encryption (mode 2) is [PURB](https://en.wikipedia.org/wiki/PURB_(cryptography))-like objects (call this "cryptoblob"). -- Cryptoblobs are indistinguishable from random data. -- `tird` uses [randomized padding](https://en.wikipedia.org/wiki/Padding_(cryptography)#Randomized_padding) with max size up to 20% (by default) of the message size. -- `tird` allows you to hide cryptoblobs among other random data (mode 6), use arrays of any other random data as containers for hiding cryptoblobs. Thus, deniable encryption is implemented. -- Auxiliary modes (8 and 9) allow you to create arrays of random data: create files with random data (mode 8) and overwrite files or devices with random data (mode 9) for subsequent hiding of cryptoblobs. -- `tird` supports an unlimited number of passphrases and keyfiles for encryption. -- Directories and devices can also be used as keys. -- `tird` allows you to add comments (description) and an authentication tag to the encrypted file contents. -- Any file larger than a certain minimum size is a valid `tird` cryptoblob: the use of any keys when decrypting will give some output with the result `completed successfully`. -- `tird` only provides symmetric encryption with stream cipher based on XORing plaintext with keystream blocks. -- SHAKE256 XOF output is used to create keystream blocks. -- When encrypting, you can set custom values: randomized padding max %, catpig memory-hard function space and time, and optionally add fake authentication tag. -- `tird` can also be called software for steganography: a cryptoblob can be written over a flash drive or disk. Then the existence of a cryptoblob cannot be detected without statistical analysis to identify areas of high entropy (even this will only suspect, not prove the existence of a cryptoblob). -- If random data is encrypted with default options (without MAC and comments specified), then it is impossible to prove that this or that key was used for encryption: the decryption result will always be random data. -- `tird` does not force you to use any standard extension for output file names. The name of the output file is always set by the user. -- Keyed `BLAKE2b` is used for creating message authentication code (MAC is added by default and can be optionally faked). Adding a MAC will help you check the integrity of the data when decrypting. -- `tird` does not provide reliable data on whether the entered dectyption keys are correct. This is based on the fact that adding an authentication tag is optional. If a MAC was added during encryption, then when using the correct key, it can be reported "authentication failed!" and "completed successfully". If the MAC was not added during encryption (this is the default behavior), then the only way to find out to pick up the correct key is to statistically analyze the output files. - ## Cryptoblob structure ``` 512B 0+B @@ -59,7 +37,7 @@ - `tird` does not wipe sensitive data from the heap. - `tird` can only encrypt one file per iteration. Encryption of directories and multiple files is not supported. - `tird` does not fake file timestamps (atime, mtime, ctime). -- `tird` encryption/decryption speed is not very fast: up to 186 MiB/s. +- `tird` encryption speed is not very fast: up to 186 MiB/s (in my tests). ## Warnings @@ -101,9 +79,13 @@ $ tird $ pip install tird ``` +## TODO + +Write docs. + ## Feedback -Test reports are welcome. Feel free to post any questions, feedback or criticisms to the [Issues](https://github.com/hakavlad/tird/issues). +Test reports are welcome. Feel free to post any questions, feedback or criticisms to the [Discussions](https://github.com/hakavlad/tird/discussions). ## License