A tool for encrypting files using time-lock encryption and password (lemmy.world)

submitted 4 days ago by Super_gamer46861@lemmy.world to c/opensource@lemmy.ml

10 comments fedilink hide all child comments

http://github.com/umutcamliyurt/TimeLockCrypt

you are viewing a single comment's thread
view the rest of the comments

[-] jet@hackertalks.com 3 points 4 days ago

I think it'll generate 5 days converted into seconds number of operations.

To decrypt however, you have to do all those operations, so I think it would take 5 days to decrypt. Even if you wait 10 days to start the operation

[-] Markaos@lemmy.one 4 points 4 days ago

def generate_proof_of_work_key(initial_key, time_seconds):
    proof_key = initial_key
    end_time = time.time() + time_seconds
    iterations = 0
    while time.time() < end_time:
        proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
        iterations += 1
    print(f"Proof-of-work iterations (save this): {iterations}")
    return proof_key


def generate_proof_of_work_key_decrypt(initial_key, iterations):
    proof_key = initial_key
    for _ in range(iterations):
        proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
    return proof_key

The first function is used during the encryption process, and the while loop clearly runs until the specified time duration has elapsed. So encryption would take 5 days no matter how fast your computer is, and to decrypt it, you'd have to do the same number of iterations your computer managed to do in that time. So if you do the decryption on the same computer, you should get a similar time, but if you use a different computer that is faster at doing these operations, it will decrypt it faster.

[-] Redjard@lemmy.dbzer0.com 2 points 3 days ago

What is the threat szenario?
If you are smart about parallelization and have access to custom hardware, couldn't you turn 5 days into 1 hour or less?

[-] Markaos@lemmy.one 2 points 3 days ago

Yes, that's exactly the problem - there's nothing wrong with the encryption used, but it's IMHO incorrect to call it time-based when it's "work-based" and it just so happens that the specific computer doing the encryption works at a given speed.

I don't call my laptop's FDE time-based encryption just because I picked an encryption that takes it 10 seconds to decrypt the key.

this post was submitted on 30 Jun 2024

22 points (84.4% liked)

Open Source

28971 readers

424 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml