dchest · August 1, 2012 12:54
diff --git a/gistfile1.txt b/gistfile1.txt
 MASTER CARD format:

 1 byte | 1 byte | 2 bytes | 2 bytes | 32 bytes |  32 bytes  | 16 bytes | 6 bytes | 8 bytes
 =======|========|=========|=========|==========|***********************|=========|========
 version| logN   |    r    |    p    |   salt   |   enc key  | mac key  |   hash  | MAC
 -------|---------------------------------------|-----------------------|---------|--------
       |     blakrypt parameters               |encrypted with nonce=0 | 

 enc key, mac key -- randomly generated keys for cards
 (stored in Master card encrypted and authenticated with keys derived from password.)

 Changing password for master card: always create a new random salt.

 hash is hash(previous content after encryption) -- used to detect corrupted master card.
 MAC is MAC(previous content after encryption [including hash]) -- used to verify password.

 CARD format:


 20-byte UID | ~ content ~ | ~ padding ~ | 8-byte MAC 
 ============|*************|*************|===========
 UID/nonce  | encrypted with nonce=UID  |

 Encrypted and authenticated with enc_key and mac_key from Master card.

 Padding makes (len(UID) + len(content) + len(MAC) + len(padding)) divisible by 10.

 Padding consist of random bytes. It may be encrypted, may be not.
 For simplicity, it's encrypted along with values.

 Editing card: always create a new random UID/nonce (basically, cards are immutable,
 each edit creates a new card and deletes previous one).

 content:
 ~~~~~~~

 1 byte | 4 bytes | ~varint | ~value   |     |
 =======|=========|  length |          | ... |
 card  | time    |~~~~~~~~~~~~~~~~~~~~~~~~~~|
 type  | stamp   |                          |

 # is varint length

 type 0 = reserved for future use (can/will be arbitrary #key #value pairs)
 type 1 = note:        #title #note
 type 2 = password:    #title #note #url #login #passwd
 type 3 = creditcard:  #title #note #type #name #number #expiry #cvv



 Crypto primitives:

 * stream cipher -- XSalsa20
 * hash function -- BLAKE-256
 * memory hard password-based key derivation -- a variant of scrypt with BLAKE-256 instead of SHA-256
 * short MAC -- SipHash-4-8
 * random numbers -- /dev/urandom

 Cards are stored encoded in Base-32 with the following alphabet: 
 ABCDEFGHIJKLMNPQRSTUVWXYZ0345679.


 Example cards:


 ===
 MASTER CARD

 AAHA TAAB AAKQ NJPB 21JX X1BA ZVK1 WM3E WDPG F1Z1
 63DJ 8374 874X WRQF YPB9 9MYC 0N5Q 2W09 0P5C ZB1K
 YYZB QZDH 2N15 6V2D EJJA BZWP RR9F J8KX 7D7J RSX0
 333Z ZK31 B8HG RC7R XPC8 MJPR 06W7 VSRH PJJV 6THR

 ===

 (password for master card: "hello")

 ---

 Card # 2AS1-JJNZ-1496-3EJ1-DMD0-4BD0-FQ1W-V70Z

 ZSJJ 0GF6 X86M 90QA ZQCV M7Q9 0N31 N4Q1 A8M3 FTB9
 3GXG R401 HF16 5FMW 8GN5 ARGE 9C8G 1SZ4 3FMX K7BQ
 V2YQ E2DZ 1DQR 3J7H 397F 5WDH S3Q0 EC63 1QHN KYS5
 FFXF 0E6K

 ----

 Decrypted:
 kind: 1
 time: 0
 values:
 0: My example account
 1: example.com
 2: [email protected]
 3: adcu4FR]@80$
	MASTER CARD format:

	1 byte \| 1 byte \| 2 bytes \| 2 bytes \| 32 bytes \| 32 bytes \| 16 bytes \| 6 bytes \| 8 bytes
	=======\|========\|=========\|=========\|==========\|***********************\|=========\|========
	version\| logN \| r \| p \| salt \| enc key \| mac key \| hash \| MAC
	-------\|---------------------------------------\|-----------------------\|---------\|--------
	\| blakrypt parameters \|encrypted with nonce=0 \|

	enc key, mac key -- randomly generated keys for cards
	(stored in Master card encrypted and authenticated with keys derived from password.)

	Changing password for master card: always create a new random salt.

	hash is hash(previous content after encryption) -- used to detect corrupted master card.
	MAC is MAC(previous content after encryption [including hash]) -- used to verify password.

	CARD format:


	20-byte UID \| ~ content ~ \| ~ padding ~ \| 8-byte MAC
	============\|***********\|***********\|===========
	UID/nonce \| encrypted with nonce=UID \|

	Encrypted and authenticated with enc_key and mac_key from Master card.

	Padding makes (len(UID) + len(content) + len(MAC) + len(padding)) divisible by 10.

	Padding consist of random bytes. It may be encrypted, may be not.
	For simplicity, it's encrypted along with values.

	Editing card: always create a new random UID/nonce (basically, cards are immutable,
	each edit creates a new card and deletes previous one).

	content:
	~~~~~~~

	1 byte \| 4 bytes \| ~varint \| ~value \| \|
	=======\|=========\| length \| \| ... \|
	card \| time \|~~~~~~~~~~~~~~~~~~~~~~~~~~\|
	type \| stamp \| \|

	# is varint length

	type 0 = reserved for future use (can/will be arbitrary #key #value pairs)
	type 1 = note: #title #note
	type 2 = password: #title #note #url #login #passwd
	type 3 = creditcard: #title #note #type #name #number #expiry #cvv



	Crypto primitives:

	* stream cipher -- XSalsa20
	* hash function -- BLAKE-256
	* memory hard password-based key derivation -- a variant of scrypt with BLAKE-256 instead of SHA-256
	* short MAC -- SipHash-4-8
	* random numbers -- /dev/urandom

	Cards are stored encoded in Base-32 with the following alphabet:
	ABCDEFGHIJKLMNPQRSTUVWXYZ0345679.


	Example cards:


	===
	MASTER CARD

	AAHA TAAB AAKQ NJPB 21JX X1BA ZVK1 WM3E WDPG F1Z1
	63DJ 8374 874X WRQF YPB9 9MYC 0N5Q 2W09 0P5C ZB1K
	YYZB QZDH 2N15 6V2D EJJA BZWP RR9F J8KX 7D7J RSX0
	333Z ZK31 B8HG RC7R XPC8 MJPR 06W7 VSRH PJJV 6THR

	===

	(password for master card: "hello")

	---

	Card # 2AS1-JJNZ-1496-3EJ1-DMD0-4BD0-FQ1W-V70Z

	ZSJJ 0GF6 X86M 90QA ZQCV M7Q9 0N31 N4Q1 A8M3 FTB9
	3GXG R401 HF16 5FMW 8GN5 ARGE 9C8G 1SZ4 3FMX K7BQ
	V2YQ E2DZ 1DQR 3J7H 397F 5WDH S3Q0 EC63 1QHN KYS5
	FFXF 0E6K

	----

	Decrypted:
	kind: 1
	time: 0
	values:
	0: My example account
	1: example.com
	2: [email protected]
	3: adcu4FR]@80$
No results found