A tool for encrypting file contents and hiding random data among other random data
Project description
tird
tird
(an acronym for "this is random data") is a tool for encrypting file contents and hiding random data among other random data.
Goals
- Providing protection for individual files, including:
- symmetric encryption;
- minimizing metadata leakage;
- plausible deniability;
- data hiding (prevention of detection).
- Keep it simple: refusal to implement functions that are not directly related to primary security goals.
- Providing a stable encryption format with no cryptographic agility for long-term data storage.
Cryptographic primitives
- BLAKE2b:
- salted and personalized BLAKE2b as part of a key derivation scheme;
- keyed BLAKE2b for data authentication.
- Argon2 memory-hard function for key stretching and key derivation.
- ChaCha20-IETF cipher for data encryption.
Cryptoblob structure
512B 0+B
+----------+---------------+
| comments | file contents |
+----------+---------------+
16B 0+B | plaintext/payload | 64B 0+B 16B
+------+---------+--------------------------+-----+---------+------+
| salt | padding | ciphertext | MAC | padding | salt |
+------+---------+--------------------------+-----+---------+------+
| random bytes | random-looking data | random bytes |
+----------------+--------------------------------+----------------+
Tradeoffs and limitations
tird
does not support asymmetric encryption and signatures.tird
does not support file compression.tird
does not support ASCII armored output.tird
does not support Reed–Solomon error correction.tird
does not support splitting the output into chunks.tird
does not support low-level device reading and writing when used on MS Windows (devices cannot be used as keyfiles, cannot be overwritten, cannot be encrypted or hidden).tird
does not provide a graphical user interface.tird
does not provide a password generator.tird
does not wipe sensitive data from the heap.tird
can only encrypt one file per iteration. Encryption of directories and multiple files is not supported.tird
does not fake file timestamps (atime, mtime, ctime).tird
encryption speed is not very fast: up to 180 MiB/s (in my tests).
Warnings
- 🚩 The author is not a cryptographer.
- 🚩
tird
has not been independently audited. - 🚩
tird
probably won't help much when used in a compromised environment. - 🚩
tird
probably won't help much when used with short and predictable keys. - 🚩 Keys may leak into the swap space.
- 🚩
tird
violates The Cryptographic Doom Principle. - 🚩
tird
does not sort digests of passphrases and keyfiles in constant time. - 🚩 Development is ongoing, there may be backward compatibility issues in the future.
Usage
Just run the script, select the option you want and then answer the questions.
Requirements
- Python >= 3.6
- PyNaCl >= 1.2.0 (provides
Argon2
KDF) - PyCryptodomex >= 3.6.2 (provides
ChaCha20
cipher)
Install
Install python3 and python3-pip (or python-pip), then run
$ pip install tird
Binary builds (made with PyInstaller) are also available (see Releases).
TODO
Write documentation.
Feedback
Test reports are welcome. Feel free to post any questions, feedback or criticisms to the Discussions.
License
This project is licensed under the terms of the Creative Commons Zero v1.0 Universal License (Public Domain Dedication).
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.