Update README.md about security

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Adrien Gallouët 2020-05-27 08:35:09 +00:00
parent 8411a513ac
commit ac33cf0496

@ -8,7 +8,7 @@ A simple and tiny tool that will help you keep your little secrets.
But it does have some interesting features:
- Requires only one file `~/.secret` that you can share publicly without fear.
- No configuration. Get back your file and you're done.
- No configuration. No directory. Get back your file and you're done.
- Secret names (usually hostname, mail, login, etc.) are also encrypted.
- A secret agent that only trusts subprocesses. Not all the processes of the same user!
- Secret names completion is available after calling the secret agent.
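Review bot: "No directory." in the reworded configuration bullet is ambiguous next to the first bullet, which already says only one file `~/.secret` is required. If the intent is that no configuration or state directory is created under the user's home, say so explicitly, for example "No configuration file or directory.", so a reader assessing what the tool leaves on disk does not have to guess.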
@ -17,6 +17,16 @@ But it does have some interesting features:
- Depends only on the [libhydrogen](https://libhydrogen.org/) library.
- Small, simple and non obfuscated C code. Well, I hope so :)
## Security
The main goal is to have `secret` working on all architectures and to make it very simple to audit.
Luckily, permutation-based cryptography has arrived and makes it possible to achieve this goal with very little code.
In 2020, using a bloated library full of CVEs will not have been reasonable considering the major advances in this field.
Only one cryptographic building blocks is used, the [Gimli](https://gimli.cr.yp.to/gimli-20170627.pdf) permutation.
All cryptographic operations are derived from this permutation and implemented in the [libhydrogen](https://libhydrogen.org/) library.
## Build and install
This should work on a wide variety of architectures and POSIX systems.
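Review bot: The new Security section says the tool is meant to be simple to audit, but it only links the Gimli paper and the libhydrogen home page; it does not say which operations `secret` relies on (encryption of `~/.secret`, key derivation from the passphrase, the agent's channel to subprocesses), so an auditor cannot scope the review from the README alone. Consider adding a short list of those operations. Two wording points in the same hunk: "Only one cryptographic building blocks is used" should read "building block", and "will not have been reasonable" reads more naturally as "would not be reasonable". The phrase "a bloated library full of CVEs" names no library and is not backed by anything in the text, so it would be stronger either dropped or replaced with the concrete property being claimed (small code size, single primitive).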