Protect data with weak passwords / pins via OpenADP's Ocrypt
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
PBKDF2 (VeraCrypt's password hashing algorithm) is trivially broken in most cases, and attackers can easily decrypt a VeraCrypt volume. With OpenADP's Ocrypt, network-base "oblivious" password hashing protects an encrypted volume with a simple pin far more effectively than most passwords.
I'll probably create a friendly fork of VeraCrypt in oder to offer folks strong container encryption. Please feel free to merge Ocrypt into VeraCrypt at any time.
Oh, nice! I see you have Argoon2 integration. No self-contained password hashing algorithm can protect a PIN, so I'll add Ocrypt support in github.com/openadp/veracrypt. This is the kind of algorithm used by big tech to protect billions of user's smart-phone backups using a simple phone unlock PIN. If you want a billion users to remember something, it has to be something they use all the time.
I have Ocrypt working now with VeraCrypt on Linux, just for encrypted volumes, not whole-drive encryption. One issue I have is Ocrypt relies on OpenSSL for bignum computations, and Ed25519 public key operations. I don't see equivalents available in VeraCrypt.
I'd like to get this code to a state that is acceptable to VeraCrypt devs. What requirements would you place on Ocrypt? Can I link to OpenSSL? Do I have to find libraries for a minimal set of operations needed for Ocrypt's public key functionality (Noise-NK). Would you prefer linking in libgmp for bignumbs, and do everything else manually? At a minimum, I need big number operations.