[Cryptography] miniLock seems pretty interesting

Cathal Garvey cathalgarvey@cathalgarvey.me
Tue Aug 12 11:42:16 PDT 2014


For those who aren't so keen on JS crypto even when implemented as an
extension (or for those who, like me, think of Chromium as gussied up
spyware), I re-implemeted miniLock in Python and released it today on
Github and PyPI:

https://github.com/cathalgarvey/deadlock
https://pypi.python.org/pypi/deadlock

I added a few features, some of which are only partially implemented.
For one thing, the most secure feature of miniLock, that your key is not
stored but always generated from memory, is now optional for the
YOLO/lazy crowd; you can optionally generate a plaintext copy of your
key and use it to encrypt and decrypt. More practically, there's a
petnames system so you can store and name IDs for other people, and then
encrypt to the petnames.

Also partially implemented but not from the terminal interface is a
means to try and brute-force a prefixed or suffixed ID, though it's not
parallelised yet; I need to learn more about the multiprocess module
first. This is for "vanity" addresses, like one beginning with "cathal",
but lacking the hardware I'd need to accomplish that myself it's just
there because I could write it rather than by true aspiration.

Another handy feature; if you direct deadlock to encrypt a directory, it
will automatically zip the directory and encrypt the zipfile. Recipients
must still manually unzip the files; no way am I opening up that
security bug in my code!

Thoughts, feedback, flames etc. welcome. Unless you're bitching about
lack of explicit WinMac support; that's entirely your problem to figure
out. :)

best,
Cathal

On 21/07/14 17:25, Eugen Leitl wrote:
> ----- Forwarded message from Eric Mill <eric@konklone.com> -----
> 
> Date: Mon, 21 Jul 2014 09:48:32 -0400
> From: Eric Mill <eric@konklone.com>
> To: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>
> Subject: [Cryptography] miniLock seems pretty interesting
> Message-ID: <CANBOYLVg=Dndusthy82zbksDwyVupdHU9BaSL1mE6199FbvmYQ@mail.gmail.com>
> 
> I saw this announced at HOPE X this weekend:
> 
> http://minilock.io/
> 
> It uses curve25519 <http://cr.yp.to/ecdh.html>, which requires much smaller
> keys (32 or 64 bits) to ensure security -- and so it basically just demands
> a strong passphrase from the user from which can be derived a strong
> private key.
> 
> The developer has a video <http://vimeo.com/101237413> and slides
> <http://minilock.io/files/HOPEX.pdf> to go along with it, and in general
> focused his energy on persuading the audience that JavaScript crypto is a
> necessary and achievable part of the future.
> 
> -- Eric
> 

-- 
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140812/bb1e246b/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140812/bb1e246b/attachment.sig>


More information about the cypherpunks mailing list