We just want to use all of the input and spread it across 128 bits to avoid collisions (same output for different site identifiers). įNV-1a is not cryptographically strong but it does not have to be because potential attacker cannot choose the input. Password4 this can be done in a browser like Firefox that supports BigInt by opening. The companion program password4 creates passwords for a given site by encrypting FNV-1a hash of site identifier with Speck128/256 on the key passed via environmental variable CRYPTOLOCKER_PASSWORD. Unlike Dual_EC_DRBG, Speck construction is very simple so there does not seem to be any place for the backdoor, but if that's still a concern for you and NSA is in your threat model, use something else.īest practice is to use a cryptographic library instead of rolling your own crypto, but that would bring in a large external dependency. Because of that it is viewed with suspicion by at least some in the cryptographic community. Speck cipher was developed by NSA and its release coincided with Snowden revelations. Key length is 256 bit, so if the password is more than 32 bytes long then only the first 32 bytes are used.
No password stretching or KDF (encryption key is just zero-padded password), so use a long password.
Windows binary is called crptlckr.exe because full name is flagged as malware. To cross-compile Windows executable on Linux, install MinGW-w64.
0 kommentar(er)
