Full CRYPTO file portability

[HR]

As it is right now, the MasterPass credentials are not included with the CRYPTO file when you encrypt a file using Crypter.

Proposition: Consider including the MasterPass credentials with the CRYPTO file or provide an option to do so.

This has some pros. and cons. that are as follows:

Pros:

• Achieves full file portability: only need to use the correct MasterPass to decrypt file.
• Solves the reusing the same MasterPass problem
• Increases convenience: no need to import or export the MasterPass credentials

Cons:

• Decreases security: more information about the encryption is exposed (readily available) and so makes an attack more easier.
• Increases complexity: makes the decryption and encryption procedure more complex
• Makes it prone to more errors due to increased complexity

[EdOverflow]

Could you give me a rough rundown of the process and the exact information that would be stored in an encrypted file?

[HR]

@EdOverflow at the moment all the public credentials (i.e. IV, authentication tag and salt) required to rederive the encryption for the encrypted file are included in the CRYPTO file. If were to include the MasterPass credentials for deriving the MasterPassKey then you would include the MasterPass salt, MasterPassKey hash and the MasterPassKey salt with the CRYPTO file. I'd recommend you have a look at https://github.com/HR/Crypter/blob/dev/readme.md