keybase / triplesec

Triple Security for the browser and Node.js
https://keybase.io/triplesec
MIT License

Why do all Triplesec ciphertexts start with "1c94d7de0000000"? #84

Open firepacket opened 3 years ago

firepacket commented 3 years ago

You know some of us in the security field value not having blatantly identifiable markings in our ciphertext.

Now I understand there may be reasons for some type of header that denotes... something.

But if this text is LITERALLY ALWAYS THE SAME why is it there at all?

AndersTornkvist commented 2 years ago

The first four bytes (8 characters in the hex representation) are a magic marker. The next four bytes are the version number (8 characters in the hex representation). So for version 4, it will start with 1c 94 d7 de (magic) 00 00 00 04 (version 4).

You can find it in the source: https://github.com/keybase/triplesec/blob/a9d289731ae146411f61a5f267106c79295369ed/src/enc.iced#L68

And read more about the format at the Keybase TripleSec website: https://keybase.io/triplesec
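
The header layout described in the comment above, as an added example that is not part of the original thread or TripleSec's own code: a Node.js check that validates the 4-byte magic and reads the 4-byte big-endian version, plus a scanner that flags such blobs in text (useful for spotting TripleSec output in logs or exports). The function names, result fields and sample strings are assumptions made for illustration.

```javascript
// Added example. Layout assumed from the thread: bytes 0-3 magic 1c94d7de,
// bytes 4-7 version as a big-endian integer (00 00 00 04 = version 4).
const TRIPLESEC_MAGIC = Buffer.from('1c94d7de', 'hex');
const HEADER_LEN = 8;

// Hypothetical helper: accepts a Buffer or a hex string.
function parseTripleSecHeader(input) {
  let buf;
  if (Buffer.isBuffer(input)) {
    buf = input;
  } else if (typeof input === 'string') {
    const hex = input.trim();
    // Buffer.from(x, 'hex') silently stops at the first bad character,
    // so reject malformed hex explicitly instead of parsing a prefix.
    if (!/^(?:[0-9a-fA-F]{2})*$/.test(hex)) return { ok: false, reason: 'not-hex' };
    buf = Buffer.from(hex, 'hex');
  } else {
    return { ok: false, reason: 'unsupported-input' };
  }
  if (buf.length < HEADER_LEN) return { ok: false, reason: 'too-short' };
  if (!buf.subarray(0, 4).equals(TRIPLESEC_MAGIC)) return { ok: false, reason: 'bad-magic' };
  return { ok: true, version: buf.readUInt32BE(4), bodyLength: buf.length - HEADER_LEN };
}

// Hypothetical scanner: finds hex runs in free text that begin with the magic.
function findTripleSecBlobs(text) {
  const hits = [];
  for (const m of text.matchAll(/1c94d7de[0-9a-f]{8,}/gi)) {
    // Drop a trailing odd nibble so the run is whole bytes.
    const hex = m[0].length % 2 ? m[0].slice(0, -1) : m[0];
    const header = parseTripleSecHeader(hex);
    if (header.ok) hits.push({ offset: m.index, version: header.version });
  }
  return hits;
}

// Constructed samples: a real header followed by filler bytes, not real ciphertext.
const SAMPLE_V4 = '1c94d7de00000004' + 'ab'.repeat(16);
const SAMPLE_LOG = 'note: 1c94d7de00000003' + 'cd'.repeat(16) + ' end';

console.log(parseTripleSecHeader(SAMPLE_V4));
console.log(findTripleSecBlobs(SAMPLE_LOG));
```
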

firepacket commented 2 years ago

Read my updated complaint issue #86

I didn't even realize I had already posted this last year.