mirror of https://github.com/angt/secret, synced 2025-01-15 15:41:15 +01:00
Update README.md about security
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
parent 8411a513ac
commit ac33cf0496
1 changed files with 11 additions and 1 deletions
12
README.md
|
@ -8,7 +8,7 @@ A simple and tiny tool that will help you keep your little secrets.
|
||||||
But it does have some interesting features:
|
But it does have some interesting features:
|
||||||
|
|
||||||
- Requires only one file `~/.secret` that you can share publicly without fear.
|
- Requires only one file `~/.secret` that you can share publicly without fear.
|
||||||
- No configuration. Get back your file and you're done.
|
- No configuration. No directory. Get back your file and you're done.
|
||||||
- Secret names (usually hostname, mail, login, etc.) are also encrypted.
|
- Secret names (usually hostname, mail, login, etc.) are also encrypted.
|
||||||
- A secret agent that only trusts subprocesses. Not all the processes of the same user!
|
- A secret agent that only trusts subprocesses. Not all the processes of the same user!
|
||||||
- Secret names completion is available after calling the secret agent.
|
- Secret names completion is available after calling the secret agent.
|
||||||
|
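Review bot: the added "No directory." in the second bullet is ambiguous and overlaps with the first bullet, which already says that only one file `~/.secret` is required. Consider a single phrase such as "No configuration file or directory." or drop the addition, so the single-file property is stated once.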
@ -17,6 +17,16 @@ But it does have some interesting features:
|
||||||
- Depends only on the [libhydrogen](https://libhydrogen.org/) library.
|
- Depends only on the [libhydrogen](https://libhydrogen.org/) library.
|
||||||
- Small, simple and non obfuscated C code. Well, I hope so :)
|
- Small, simple and non obfuscated C code. Well, I hope so :)
|
||||||
|
|
||||||
|
## Security
|
||||||
|
|
||||||
|
The main goal is to have `secret` working on all architectures and to make it very simple to audit.
|
||||||
|
|
||||||
|
Luckily, permutation-based cryptography has arrived and makes it possible to achieve this goal with very little code.
|
||||||
|
In 2020, using a bloated library full of CVEs will not have been reasonable considering the major advances in this field.
|
||||||
|
|
||||||
|
Only one cryptographic building blocks is used, the [Gimli](https://gimli.cr.yp.to/gimli-20170627.pdf) permutation.
|
||||||
|
All cryptographic operations are derived from this permutation and implemented in the [libhydrogen](https://libhydrogen.org/) library.
|
||||||
|
|
||||||
## Build and install
|
## Build and install
|
||||||
|
|
||||||
This should work on a wide variety of architectures and POSIX systems.
|
This should work on a wide variety of architectures and POSIX systems.
|
||||||
|
|
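Review bot: the new Security section states design goals (works on all architectures, simple to audit) but no security properties, while the feature list above tells users they can share `~/.secret` publicly without fear. Say here what that claim rests on: which libhydrogen operations protect the file and what the user must keep secret, so a reader auditing the tool knows what to check. Wording: "Only one cryptographic building blocks is used" should read "building block", and "will not have been reasonable" reads more clearly as "is not reasonable". That sentence also names no library, so it adds little to an audit-oriented section and could be dropped.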