HACKERALERT / Picocrypt

A very small, very simple, yet very secure encryption tool.
GNU General Public License v3.0

"Confirm password" is not requested #163

Closed hakavlad closed 1 year ago

hakavlad commented 1 year ago

"Confirm password" is not requested (I can't check if the password entered is correct when decrypting). If I made a typo when entering the password, I will have to wait until the end of the decryption.

BigPanda97 commented 1 year ago

Dude, that's exactly the whole purpose of the "deniability" setting. 🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️

hakavlad commented 1 year ago

> that's exactly the whole purpose of the "deniability" setting

No.

BigPanda97 commented 1 year ago

> > that's exactly the whole purpose of the "deniability" setting
>
> No.

It is. 🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️ Because without this, it would NOT be deniable. 🤦🏻‍♂️

HACKERALERT commented 1 year ago

Decryption never needs confirm password. The point of confirm password is to make sure that you don't make a typo when encrypting and then be left with an undecryptable volume. When decrypting, if you make a typo, you can just try again. Whether the volume is deniable or not doesn't make a difference here.

HACKERALERT commented 1 year ago

And yes, BigPanda is correct in that the removing deniability component of the decryption process for deniable volumes is unavoidable. Whether your password is right or wrong must be checked after the deniability is removed, since the deniability protection is just another layer of encryption and under that layer is the actual volume where the encryption key hash is stored. This could be avoided by making some changes to the deniable volume format (storing the encryption key hash in it as well), but I don't think it's necessary since you shouldn't need to try more than three times assuming you know the password.

hakavlad commented 1 year ago

> if you make a typo, you can just try again

That's a sufficient explanation, thank you.
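
The layering HACKERALERT describes above, as an added toy model that is not Picocrypt's code or on-disk format: the key hash sits in the inner volume, so a deniable volume cannot reject a mistyped password until the whole outer layer has been decrypted. `Seal`, `Open`, `kdf` and `stream` are hypothetical names; SHA-256 stands in for the password KDF and AES-CTR with a zero IV for the cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// kdf is a toy stand-in for a slow password KDF; label separates the two layers' keys.
func kdf(label, password string) [32]byte {
	return sha256.Sum256([]byte(label + "\x00" + password))
}

// stream XORs data with an AES-CTR keystream. Zero IV is toy-only: each key is used once here.
func stream(key [32]byte, data []byte) []byte {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key never fails
	out := make([]byte, len(data))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, data)
	return out
}

// Seal writes keyHash || ciphertext; a deniable volume wraps all of it in an outer layer.
func Seal(password string, plaintext []byte, deniable bool) []byte {
	key := kdf("inner", password)
	hash := sha256.Sum256(key[:])
	vol := append(hash[:], stream(key, plaintext)...)
	if deniable {
		vol = stream(kdf("outer", password), vol)
	}
	return vol
}

// Open reports in work how many bytes it decrypted before the password could be checked.
func Open(password string, vol []byte, deniable bool) (pt []byte, work int, ok bool) {
	if deniable { // the key hash stays hidden until the outer layer is stripped
		vol, work = stream(kdf("outer", password), vol), len(vol)
	}
	key := kdf("inner", password)
	hash := sha256.Sum256(key[:])
	if len(vol) < 32 || subtle.ConstantTimeCompare(hash[:], vol[:32]) != 1 {
		return nil, work, false
	}
	return stream(key, vol[32:]), work, true
}

func main() {
	fmt.Println(Open("typo", Seal("secret", make([]byte, 1000), true), true))
}
```

With a mistyped password the plain volume is rejected after zero bytes of decryption, while the deniable one is rejected only after every byte has passed through the outer layer, which is the wait described in the original report.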