Skip to content

Instantly share code, notes, and snippets.

@adelcambre
Created February 5, 2013 22:44
Show Gist options
  • Save adelcambre/4718414 to your computer and use it in GitHub Desktop.
Save adelcambre/4718414 to your computer and use it in GitHub Desktop.

Recursive encryption/decryption

The benefit of this approach is simple: The original passphrase can't be brute-forced from only the encrypted result without trying all the recusrive encryptions and knowing how many recusion levels were used during encryption.

Test

echo hello | red e world | tee hello-world.enc.txt | red d world

Now the hello-world.enc.txt file is "hello" encrypted recursively using sha512-recursive digests of the "world" passphrase.

Explanation

echo hello | red e world 3

results in essentially:

hello-world.enc.txt = e(e(e("hello",sha("world")),sha(sha("world"))),sha(sha(sha("world"))))

which can be decrypted using:

cat hello-world.enc.txt | red d world 3

results in essentially:

"hello" = d(d(d(hello-world.enc.txt,sha(sha(sha("world")))),sha(sha("world"))),sha("world"))

More

This technique is strengthened further by changing the cipher algorithms based on the passphrase. It feels kinda like salting each iteration.

#!/bin/bash
# GitHub, this file isn't JavaScript. See the above line.
# Recursively compress stdin based on a recursive sha512'd passphrase.
# Direction: e d
c=${1:-e}
# The number of recursive steps.
n=${2:-10}
p=${3}
[ "${p}" ] || {
read -s -p 'Passphrase: ' p >/dev/tty </dev/tty
[ "${p}" ] || exit 1
printf '\e[12D\e[2K' >/dev/tty
cat | ${0} ${c} ${n} "${p}"
exit $?
}
# For now, restrict the maximum iterations.
((n>100)) && n=100
((n<=0)) && {
cat
exit 0
}
# The passphrase salted with the iteration, digested on each iteration.
p=$(echo "${n}${p}" | shasum5.12 | awk '{print $1}')
# Cycle ciphers based on password checksum.
ciphers=(bf aes-256 des-ede3 cast)
w=$(echo ${p} | sum | awk -v c=${#ciphers[*]} '{print $1 % c}')
cipher=${ciphers[w]}-cbc
# For the last iteration, use base64.
((n==1)) && ascii='-a' || ascii=
exec 2>/dev/null
set -o pipefail
[ ${c} = 'd' ] && {
# When decrypting, push all the digested passwords before starting to decrypt.
${0} ${c} $[n-1] ${p} | openssl ${cipher} ${ascii} -${c} -salt -pass pass:${p}
}
[ ${c} = 'e' ] && {
openssl ${cipher} ${ascii} -${c} -salt -pass pass:${p} | ${0} ${c} $[n-1] ${p}
}
exit $?
U2FsdGVkX18KvgkEqvbxbiIN2nlXOWbw8RBL/8vaq2pVkDkH3yk5XtBWi8O9RE0r
MhDUc/CZ0lEnGPeG02XDJDhKKQgZf3aER7K7OvG8hFbIJoGFu5B1QnStsr7cJcKA
+D1mgcrnWVxJiHLulxwgt2lJLE2ajdZR6wNr38iwDRq02CiyFppXL/vXZBxsRs7A
/5iwOtxWJ8Dvea01OpjBj0Hew2aE6Ww5W0i+7Px9TLTGHDkYWhB/3UbNXj5k2jxv
dTsZfrmi/nI13JlUEQUz5KEeFPgr2lEqqu//BiPuxuc0xyuroJ6U7nBMnmsLfNQX
FPifGHqQsYVdn7BMZcrpECZ74mqFZYldZw9nhQJaCavv6wqniXHu3CGbIsffHtYY
eblrPz7+kXcg0jaTZofyjRw0/zHAWNTJRsakPcX+zP2n59yu5O0VeUTTuMubeoS+
PfxBDGJYQ6x1lreO5qBeyb7baHEAoJy6ij690jrcB35vE6zset7etkLdWbgxGYVl
R/mO9Hdn75jE6JZkFKHHFPjNNfp9J2j8/TsuIKoK9S8j8qT9pW97Kbb0YmaVMdhO
ZkOmDp/H1HOe4tEN6ibPT1Z/ZaL6xpuKJ8J4uPJtjXXR9VTooH7iRr+4IkFRtOjA
7LBgf+cdKjCT+HaZu+msW5SJS6rJBzh5MVPKFzumxPJU4xIUxIB3AYD+8TJKQtf/
mhJps+UhBFWuETVuzkSTJGBCJaVMuLR4bxyk/Sb5vZLaFAtMcpQpJFHnazQLsjkP
ZQ2LGtIh/edcEZTlb4CMUN3hAiYf7DNUIVTR/Tjckkq8373ChuQEq/9nPhZaOfHC
DiWzXYMlaGQn7UREVk8bxIAU7Pyq4bGrX3Vy+qPE8rUcwpbg5vV9L9f43dHw2fvq
eOXYYDEgu2RLWNPcpTYyVdbAP1UJrblF658GP704g7QNlMY/WWyAY66fRuLy/WhZ
abG8I2JFErJUuT/xpgGu8TMx7/ByqMIhwwdEIR8WJAsZVoeejg8GMMs0VR9ap5R0
f2kaYNWG5a88r8NNlaTSy7oZOvSppo6YeRsn3J+zQPqn/RMi73KRdt/6EFFhjw54
hpvRe9AzcHgDVe616XO25/2noiTjw+mGbooNwwAvzaQS8BlrD6PT6PJdHu91baMN
/Dia4G3rigfgRPuL433OI63Ny6+wMPNdmNt1CmJw2UCa5lTfCI8gGTa4kO42mAM1
18/sI5lePSEul0gtXDTCmVU6BiyG4HUj4I8xVdHH0xfYkhMyHqT7m2GdPXXl85LT
vqzHcJUpK9O/J0yZd8Kq+6j9Nx1USGrokFNrZ4WVmAaMTd7ThPATfM4iGzKgNEe9
DAim4CMpyTcYcytKkQQbYQyyKU0R2xjH/MybbF2z6zvLYR4njk4BdGYrn+1213h+
jgNvWaK9ZrEceyL0L0J/RiwM2GVK0SkBWWI/GoTdUc+a07cTnoSASNaUsYLOzdLL
NSN4o9I+/HzBRIseXfhi2rg5ULHusyaM0qe0ZIPRUoyBC/dJR9mfLL2zP74/QIUR
FBDdLRknJOYP6RIcGx3UPZ/YnOj/qThlpDYXgvgavFVcS24pwKXNrzHg1mHvXngC
71qOegx4aiVa2JnWMM2zqnGxsrHWl/fhWSPeroepQWa/OtivWKkRT7wg1EaRwsAy
U8r7WhYThPSWa65kKiiv2ATa1ZgkbEsCc6mOPGtNq84bTy6FxPkZ2dBW77AW0Iae
USyAnse0+jLntizqAdBEy+BU9+wsEjdJds7UKlwouoFBPDhRRIm+LiYYaP/hTbEc
20Me8lidcxJsHxplol+pxp21fXXJ2gWMgjz+UC3Q1E4mBZj+h4Tt/X42eho3bOok
1lpkSPZUL0paB/fUNFtta/d3snr6Qgi6AqPGlTb09jv+J9grUVmMuOaNiIrxmWw3
CRJmEqEvOx4PeAOa/OW/Wg6lQcZeIlLSuIwWRWq8Wkhsr9vh1YsYONtsr3DRmzU7
t+kiT+AwBvY1wizMI5vK9BJVtWcV2yIwUgnaMC/Ihu2ozolLSVoC1uIy9o1U279z
2ywzT/ntnu+O9Ajloy7NNkluWmoOsYDsEGhbvYUVYI7b+I+cLSPipjhJLUobP/Nv
C6S3nm3EGEEEO6DSQWStmfK1/LDsSstvZ7ildk9AxcNGLrWuhLgIZOdbrZlwhcoq
os9EhK+12mNWl+26Zfv8/Y4rImTXhtztP7Z5UGgVoDRt0y8UavVcrURzAkryDPUU
srbak0rRTv+vyg3mcwRepXJKusf83vWx9vfE+tB42vuK/mmkUSq41yy07sM9nhsi
HHkdq9GRHXYG7nToZ9qO7gIQ/777pgVG1a8RliCCPG0+FjSISuMRAwb+ndEJQzju
gOF6yEdQvlLNMpJsTR3lqUwVqEWmWSOqe8qQMj+2ttkzJM7zuFnDr+aUjN1IaVVz
Go57M7JttvGv4X6Q3IMtZECyhossBwmAFHsg0cZenoZkI18UmuaUhPD0aC8rDaxd
vdTftQmfnFYfG8wegcycYIURk15vHVjl5NThin0icWvidS/wzZ6ixPxd83s+5T1C
HnESd+d6jRhUAA4hQU+18LIrlhKJ8eEGlNzAa3ebofLBwzo1OJx5j6IHoLrqr5Fw
QWrFOhP1Yqa3jKdykg7dm+ZWG6LOQKz7gEZDg5E5q4Vg8qJvfOOAvfWzqub/KtDH
xlSS1eOFvQq9Yw+TbJe7YKs6WYhzisz85CediZl6IUKT3vo3KeNySM8t33xfoRaa
4XbgW53NBlk53QxqrF9HqB9ORaRQjsztU7WguJB6xdeZl98qnqkAAesVyOUYZn8U
bY4BLov54untNU+x3b/99t2HF01DMepFbhYCsiF85v4O4yQm+cxTKzD0j+7AglP1
/OK5hZoD+sTXUVlk5B/o/rmfMUV4noGlYU8pnLTCG5E7P+6oZCgyA3NqO/W1PmE4
cytQNU07uYQZR+PKZ9WODrmYZQkvPLfvrFonDbfiIWT0RwmnfL7wI2zKXvS11UkG
mNAz2tlMpLeBe88LVouL3QiplfUmRT+QVX4uqkklcCu2Og7ReV+/jKI2F+Jx8uP3
txFjJb0xx4kQHlVkkxpb7KSA/nyU5+gay6e6VN1OhWoKHYsg6EWWJiHZ0RW/2LBG
W0PJV7KyusyNq4v6ADYVqMq92+R9P1CH8vxxS+ZkDpMyKknitoYt4/auPahLEJeu
L/UVxETLkdyxzMsWLGYHOAsQ6lq6s/l56Uqq9/vlZPKHEL8/rjNMb44hd4opQB/h
v1plS6+GNr6U04zFUatoZQ7RPBe/JcA8BiZgOY0TiVw=
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment