by smoldesu 1242 days ago
> So there is no possibility to brute force.

Yet. The cost of copying it is negligible, which suggests there's probably someone collecting these from GitHub repos with the intention of cracking them someday.

So sure, you're "fine" for now. Maybe 3 years from now you'll log onto Hacker News and see the Chinese Shor's algorithm accelerator on the frontpage, though.


I should have said that the token file is several kb in size, about 1/20 of my vault size, and of course random noise.

I am aware that future hardware or algorithms could bring down the cost of brute forcing it, that's why I've chosen several kb size.

> I should have said that the token file is several kb in size, about 1/20 of my vault size, and of course random noise.

None of which matters.

What matters as to whether an attacker can decrypt it is the algorithms used to encrypt the token.

But an attacker can never tell if the current guess to crack the token is the right one. It's just random noise in the end.

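
An added illustration of the point in dispute (example code, not from the thread or the linked script, whose actual scheme is not shown here): with authenticated encryption, a wrong password fails the integrity check, so a random-noise plaintext does not stop an attacker from distinguishing right guesses from wrong ones; what raises the cost of guessing is the key derivation work factor. The scheme below is a toy stand-in: PBKDF2-HMAC-SHA256 as the KDF and HMAC-SHA256 as a PRF in counter mode instead of a real block cipher.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Toy authenticated encryption for a random "token" file. It shows that a wrong
# password is detectable even when the plaintext is pure random noise, because
# the authentication tag only verifies under the correct derived key.
# Stand-ins for a real scheme (assumption, not the linked script): PBKDF2-HMAC-SHA256
# as the KDF and HMAC-SHA256 used as a PRF in counter mode instead of AES-CTR.
KDF_ITERATIONS = 200_000  # the work factor is what makes each guess expensive


def derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the password into a 32-byte encryption key and a 32-byte MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_token(token: bytes, password: str, salt: bytes, nonce: bytes) -> Tuple[bytes, bytes]:
    """Encrypt-then-MAC: returns (ciphertext, tag); the tag binds nonce and ciphertext."""
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = bytes(a ^ b for a, b in zip(token, keystream(enc_key, nonce, len(token))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def decrypt_token(ciphertext: bytes, tag: bytes, password: str, salt: bytes, nonce: bytes) -> Optional[bytes]:
    """Return the token under the right password, None under a wrong one.

    The None branch is the point: the tag check tells a guesser that the password
    was wrong, regardless of how random the token plaintext is. Only the KDF cost
    per attempt slows this down.
    """
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    import os
    token, salt, nonce = os.urandom(4096), os.urandom(16), os.urandom(12)  # constructed: a 4 KiB random token
    ct, tag = encrypt_token(token, "correct horse battery", salt, nonce)
    print("right password recovers token:", decrypt_token(ct, tag, "correct horse battery", salt, nonce) == token)
    print("wrong password detectable:", decrypt_token(ct, tag, "wrong guess", salt, nonce) is None)
```

With an unauthenticated cipher the tag is gone, but the check simply moves to wherever the decrypted token is consumed, which is why the thread keeps asking how the token feeds into opening the vault.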
You have not explained how the token relates to decrypting the vault.

You have also not explained how the vault is encrypted (I'm assuming it is encrypted somehow, otherwise an attacker simply downloads the vault and has your credentials).

You can't expect us to give you anything but generic statements if you don't explain how your system works.

Ok, fine. I still don't feel comfortable, but here is the link.

https://github.com/proxemy/dotfiles/blob/master/scripts/toke...

The vault is regular kdbx with an additional password file.

Thank you for your time btw.

> I still don't feel comfortable,

No loss pointing out that you also publicly show the decryption script. If your system is not resilient against an attacker that knows everything, except the key, then your system would violate Kerckhoffs's principle (https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle).

But you still do not explain how this token relates to the vault, nor how decrypting the token is a necessary dependency to decrypting the vault.