this post was submitted on 28 Jun 2025
64 points (82.0% liked)


~Update~

You can now encrypt plain text, so anything you want. With this, you can send sensitive information over insecure channels or share publicly with real plausible deniability. (below 2000 characters works without issue)

~Changes~

I rebuilt the system with a different encryption design, and addressed many of the flaws pointed out in V1.

I really wanted any password to always decrypt so you never know if you are right. I found the XOR algorithm that does this, but there is an entropy problem, where an incorrect password will almost always output non-common characters. I attempted to solve this at its core by diving into the math and some research papers but got nowhere, as it seemed to be almost impossible.

I tried finding an algorithm that would give me perfect plausible deniability, so if you shared a link X with a password you could use a different password and get Y, saying you never intended to share X. It doesn't exist 😒 I came up with a workaround by adding decoys, which are mutable XOR ciphers joined; it allows you to set what other data is included, so you can tailor your alibi.

Here is the demo link. There are three memes you can find

Password: test1, test2, test3

~Safety~

It should be safe to share data encrypted with this method. I did some basic brute force tests and did not find any shortcuts. I have a rough estimate of a billion years on a server farm for a 12-digit password.

~Considerations~

@calcopiritus@lemmy.world said:

"There’s 2 secrets here: the link and the password. And to share it with someone you need to share 2 secrets: the locked link and the password."

A strong password is almost impossible to crack, but you can use a popular text link tool like pastebin with expiry to mask the encrypted data. As for eliminating the password, I have considered using the site as the 'shared secret' so you share just the cipher, and if you know the URL you can paste it in, and it would be encrypted/decrypted with a derived key the site stored.

[–] PlexSheep@infosec.pub 27 points 2 days ago (10 children)

What do you mean, the XOR Algorithm?? For this case, an AES-256 GCM AEAD (Authenticated Encryption, possibly with Associated Data) seems like the perfect use case. AES GCM is usually the most secure mode.

I hope you didn't literally use XOR, so like you have some key stream the length of your data, XOR the key stream with the data to get some output. This is what some modes do internally, like AES CBC, but for an application you should just use something from a stable crypto library.

If anything, keep to Rule Number 1: Never do your own Crypto.

[–] RommieDroid@programming.dev 3 points 1 day ago (2 children)

I hear you, XOR is bad 💀 I should just use the crypto library.

[–] PlexSheep@infosec.pub 3 points 1 day ago

I get that coding cryptography is fun. I did it in university for the relevant classes where we had been given specific exercises, test vectors, in the second one even automatic testing with thousands of test cases, and speed mattered too. For education, that's pretty amazing, but if you do your own Crypto and put it in production you're just asking for trouble.

This really is just an AES GCM case. And don't understate the beauty of using a well formalized and thought out crypto primitive for actual applications. Cryptography is fucking cool.

[–] AtHeartEngineer@lemmy.world 4 points 1 day ago* (last edited 1 day ago) (1 children)

If you like experimenting with cryptography check out circom, it's a relatively simple language to program zero knowledge cryptography. I was the head of development at a programmable cryptography research and development organization for a bit, it's fun stuff, we researched and experimented with zero knowledge proofs, multi-party computation, and some more far-fetched stuff like fully homomorphic encryption and indistinguishability obfuscation. What you are trying to do definitely can be done with zk.

Also, please never use xor again lol

The cutting edge/novel techniques were what I was looking for, this is really cool. I'll look into it more.

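Added example, not part of the thread and not the tool's own code: a standard-library sketch of the two properties discussed above, the "entropy problem" of a wrong password under plain XOR and the tamper detection that authenticated encryption adds. The key derivation, the SHAKE-256 keystream and the HMAC tag are stand-ins chosen so it runs without third-party packages; the salt and message are constructed, the passwords are the demo ones from the post. For a real application, AES-256-GCM from a maintained library is what the comments recommend.

```python
import hashlib
import hmac

SALT = bytes(range(16))                   # constructed fixed salt so the demo is repeatable
MESSAGE = b"pay 100 to alice by friday"   # constructed sample plaintext

def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate stream and MAC keys from the password (assumed KDF settings)."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=64)
    return k[:32], k[32:]

def xor_crypt(password: str, salt: bytes, data: bytes) -> bytes:
    """Unauthenticated XOR with a password-derived keystream; the same call decrypts."""
    stream = hashlib.shake_256(derive_keys(password, salt)[0]).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def looks_like_text(data: bytes) -> bool:
    """True if every byte is printable ASCII or common whitespace."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)

def flip_bits(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Change ciphertext so it decrypts to `new` instead of `old`; no key is involved."""
    out = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)

def seal(password: str, salt: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext followed by HMAC-SHA256 over salt + ciphertext."""
    ct = xor_crypt(password, salt, plaintext)
    tag = hmac.new(derive_keys(password, salt)[1], salt + ct, hashlib.sha256).digest()
    return ct + tag

def open_sealed(password: str, salt: bytes, sealed: bytes) -> bytes:
    """Check the tag first; a wrong password or modified data raises ValueError."""
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(derive_keys(password, salt)[1], salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor_crypt(password, salt, ct)

if __name__ == "__main__":
    ct = xor_crypt("test1", SALT, MESSAGE)
    print(looks_like_text(xor_crypt("test2", SALT, ct)))            # wrong password
    print(xor_crypt("test1", SALT, flip_bits(ct, 4, b"100", b"900")))  # altered, no error
```

Authentication and "any password always decrypts" pull in opposite directions: once a tag is verified, a wrong password is rejected instead of producing output.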