A tool for encrypting files and hiding encrypted data
Project description
tird
tird
(an acronym for "this is random data") is a tool for encrypting files and hiding encrypted data.
Using tird
you can:
- Create files with random data. Use them as containers or keyfiles.
- Overwrite the contents of devices and regular files with random data. This can be used to prepare containers and to destroy residual data.
- Encrypt file contents and comments with modern cryptographic primitives. The encrypted file format (cryptoblob) is padded uniform random blob (PURB): it looks like random data and has randomized size. This reduces metadata leakage through file format and length, and also allows cryptoblobs to be hidden among random data.
- Create steganographic (hidden, undetectable) user-driven file systems inside container files and devices. Unlike VeraCrypt and Shufflecake containers,
tird
containers do not contain headers at all: the user specifies the location of the data in the container and is responsible for ensuring that this location is separated from the container. - Resist coercive attacks (keywords: key disclosure law, rubber-hose cryptanalysis, xkcd 538).
tird
provides some forms of plausible deniability out of the box even if you encrypt files without hiding them in containers.
Goals
- Providing protection for individual files, including:
- symmetric encryption and authentication;
- minimizing metadata leakage;
- preventing access to data in case of user coercion;
- plausible deniability of payload existence;
- hiding encrypted data.
- Providing a stable encryption format with no cryptographic agility for long-term data storage.
- Simplicity and no feature creep: refusal to implement features that are not directly related to primary security goals.
Cryptographic primitives
tird
uses the following cryptographic primitives:
BLAKE2
(RFC 7693):- salted and personalized
BLAKE2b-512
for hashing keyfiles and passphrases; - salted
BLAKE2b-512
for hashing digest list; - keyed
BLAKE2b-512
for creating message authentication codes; BLAKE2b-256
for creating message checksums.
- salted and personalized
Argon2
memory-hard function (RFC 9106) for key stretching and key derivation.ChaCha20
cipher (RFC 7539) for data encryption.
See the specification for more details.
Encrypted file format
tird
encrypted files (cryptoblobs) are indistinguishable from random data and have no identifiable headers. tird
produces cryptoblobs contain bilateral randomized padding with uniform random data (PURBs). This minimizes metadata leaks from the file format and makes it possible to hide cryptoblobs among other random data.
See the specification for more details.
Hidden user-driven file system and container file format
You can encrypt files and write cryptoblobs over containers starting with arbitary positions. After finishing writing the cryptoblob, you will be asked to remember the location of the cryptoblob in the container (positions of the beginning and end of the cryptoblob), which can be used in the future to extract the cryptoblob. In this way, you can create a hidden user-driven file system inside a container.
It is hidden because it is impossible to distinguish between random container data and random cryptoblob data, and it is impossible to determine the location of written cryptoblobs without knowing the positions and keys.
Containers do not contain any headers, all data about cryptoblob locations must be stored separately by the user.
The location of the start of the cryptoblob in the container is user-defined, and the location of the start and end positions of the cryptoblob must be stored by the user separately from the container. This is why this "file system" is called a user-driven file system.
Container structure (as an example):
+—————————+—————————————+— Position 0
| | |
| | Random data |
| | |
| +—————————————+— Cryptoblob1 start position
| Header- | |
| less | Cryptoblob1 |
| | |
| Layer +—————————————+— Cryptoblob1 end position
| | Random data |
| Cake +—————————————+— Cryptoblob2 start position
| | |
| | Cryptoblob2 |
| | |
| +—————————————+— Cryptoblob2 end position
| | Random data |
+—————————+—————————————+
Usage
You don't need to remember command line options to use tird
.
Just start tird
, select a menu option, and then answer the questions that tird
will ask:
$ tird
Debug
Start tird
with the option --debug
or -d
to look under the hood while the program is running:
$ tird -d
Enabling debug messages additionally shows:
- opening and closing file descriptors;
- real paths to opened files;
- moving file pointers using the seek() method;
- salts, passphrases, digests, keys, nonces, tags;
- some other info.
Input options
tird
has the following input options:
[01] Select an option
[02] Use custom settings?
[03] Argon2 time cost
[04] Max padding size
[05] Set a fake MAC tag?
[06] Input file path
[07] Output file path
[08] Start position
[09] End position
[10] Comments
[11] Keyfile path
[12] Passphrase
[13] Proceed?
[14] Output file size
A detailed description of these options with examples can be found here.
Documentation
Tradeoffs and limitations
tird
does not support public-key cryptography.tird
does not support file compression.tird
does not support ASCII armored output.tird
does not support Reed–Solomon error correction.tird
does not support splitting the output into chunks.tird
does not support the use of standard streams for payload transmission.tird
does not support low-level device reading and writing when used on MS Windows (devices cannot be used as keyfiles, cannot be overwritten, cannot be encrypted or hidden).tird
does not provide a graphical user interface.tird
does not provide a password generator.tird
can only encrypt one file per iteration. Encryption of directories and multiple files is not supported.tird
does not fake file timestamps (atime, mtime, ctime).tird
encryption speed is not very fast (up to 180 MiB/s in my tests).
Warnings
- ⚠️ The author is not a cryptographer.
- ⚠️
tird
has not been independently audited. - ⚠️
tird
probably won't help much when used in a compromised environment. - ⚠️
tird
probably won't help much when used with short and predictable keys. - ⚠️ Sensitive data may leak into the swap space.
- ⚠️
tird
does not erase sensitive data from memory after use. - ⚠️
tird
always releases unverified plaintext (violates The Cryptographic Doom Principle). - ⚠️ Padding is not used to create a MAC tag (only ciphertext and salt will be authenticated).
- ⚠️
tird
does not sort digests of keyfiles and passphrases in constant-time. - ⚠️ Overwriting file contents does not mean securely destroying the data on the media.
- ⚠️ Development is not complete, there may be backward compatibility issues in the future.
Requirements
- Python >= 3.6
- PyNaCl >= 1.2.0 (provides
Argon2
) - PyCryptodomex >= 3.6.2 (provides
ChaCha20
)
Installation
Installing from PyPI
Install python3
and python3-pip
(or python-pip
), then run
$ pip install tird
Building and installing the package on deb
-based Linux distros
It's easy to build a deb
package for Debian and Ubuntu-based distros with the latest git snapshot.
Install the build dependencies:
$ sudo apt install make fakeroot
Clone the repo (if git
is already installed) and enter the directory:
$ git clone https://github.com/hakavlad/tird.git && cd tird
Build the package:
$ make build-deb
Install or reinstall the package:
$ sudo make install-deb
Standalone executables
Standalone executables (made with PyInstaller) are also available (see Releases) for MS Windows and Linux amd64.
[!WARNING] Use them only if you're brave enough!
How to verify signatures
Use Minisign to verify signatures. You can find my public key here.
For example:
$ minisign -Vm tird-v0.15.0-linux-amd64.zip -P RWQLYkPbRQ8b56zEe8QdbjLFqC9UrjOaYxW5JxwsWV7v0ct/F/XfJlel
This requires the signature tird-v0.15.0-linux-amd64.zip.minisig
to be present in the same directory.
TODO
Write or improve the documentation:
- Features;
- User guide;
- Specification;
- Design rationale.
Feedback
Feel free to post any questions, reviews, or criticisms in the Discussions.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.