PlainTextVault: Robust Encryption for Your Sensitive Text Files

As a developer with a deep interest in cryptography and data security, I'm thrilled to introduce PlainTextVault—an open-source project that focuses on encrypting plain text files using the highly secure AES encryption standard. Designed as a side project to explore and learn about the intricacies of cryptography and its practical applications, PlainTextVault provides a powerful tool for safeguarding sensitive text data.

Under the Hood: AES-GCM Encryption

At the heart of PlainTextVault is the AES-GCM encryption algorithm. AES (Advanced Encryption Standard) is a widely adopted symmetric encryption algorithm renowned for its robustness and efficiency. GCM (Galois/Counter Mode) is an authenticated encryption mode that ensures both confidentiality and integrity of the encrypted data.

When you encrypt a plain text file using PlainTextVault, the tool performs the following steps:

1. Generates a random 256-bit encryption key using a cryptographically secure random number generator.
2. Derives a secure encryption key from the user-provided passphrase using the PBKDF2 (Password-Based Key Derivation Function 2) algorithm with a high iteration count to protect against brute-force attacks.
3. Encrypts the plain text using AES-GCM with the derived encryption key, ensuring the confidentiality and integrity of the data.
4. Stores the encrypted data in a .val file format within the vaults directory.

The AES-GCM algorithm provides strong security guarantees. The AES algorithm itself is resistant to known cryptanalytic attacks, and the GCM mode ensures that any tampering with the encrypted data can be detected.

Enhanced Security Features

PlainTextVault goes beyond basic encryption by incorporating additional security measures to fortify the protection of your sensitive data:

1. Secure Passphrase Generation: Instead of relying on user-chosen passphrases, PlainTextVault generates random passphrases and shuffles them based on user input. This approach makes the passphrases highly resistant to dictionary attacks and ensures a strong foundation for encryption.

2. Key Derivation with PBKDF2: PlainTextVault employs the PBKDF2 algorithm with a high iteration count for key derivation. This process adds an extra layer of security by making it computationally expensive for attackers to guess the encryption key, even if they obtain the passphrase.

   The PBKDF2 algorithm can be represented mathematically as follows:

   DK = PBKDF2(PRF, Password, Salt, c, dkLen)
   

   Where:

   • DK is the derived key
   • PRF is the pseudorandom function (e.g., HMAC-SHA256)
   • Password is the user-provided passphrase
   • Salt is a random value used to prevent rainbow table attacks
   • c is the iteration count (e.g., 100,000)
   • dkLen is the desired length of the derived key

   The high iteration count (c) makes the key derivation process time-consuming, rendering brute-force attacks infeasible.

3. Isolated Encryption Environment: The encrypter.sh script provided with PlainTextVault uses tmux to create an isolated session for encryption and decryption tasks. This isolation helps prevent sensitive information from being inadvertently leaked through the terminal history or other system logs.

Resistance to Brute-Force Attacks

One of the key strengths of PlainTextVault is its resistance to brute-force attacks. The combination of AES-GCM encryption and PBKDF2 key derivation makes it extremely difficult for attackers to guess the encryption key.

The security of AES-GCM against brute-force attacks can be quantified using the following equation:

T = 2^k / P

Where:

• T is the average time required for a successful brute-force attack
• k is the key size in bits (e.g., 256 for AES-256)
• P is the number of guesses per second

For example, assuming an attacker can make 1 billion guesses per second (P = 10^9), the average time required to brute-force an AES-256 key would be:

T = 2^256 / 10^9 ≈ 1.16 × 10^68 years

This astronomical time requirement demonstrates the impracticality of brute-force attacks against AES-256 encryption.

Furthermore, the PBKDF2 key derivation process adds an additional layer of security. The high iteration count (e.g., 100,000) significantly increases the time required to derive the encryption key from the passphrase. This makes it computationally infeasible for attackers to guess the passphrase and derive the encryption key.

Future Plans and Proprietary Product

PlainTextVault is currently a prototype, serving as a foundation for exploring cryptographic techniques and their implementation. However, we have exciting plans to expand this project into a full-fledged proprietary product in the near future.

Our upcoming proprietary solution will build upon the core encryption capabilities of PlainTextVault while introducing a range of advanced features and enhancements. Some of the planned improvements include:

• Graphical User Interface (GUI): We aim to develop a user-friendly GUI that simplifies the encryption and decryption process, making it accessible to a wider audience.

• Cloud Integration: Our proprietary product will offer seamless integration with popular cloud storage platforms, enabling users to securely store and access their encrypted files from anywhere.

• Multi-Platform Support: We plan to expand the compatibility of our product to support various operating systems, including Windows, macOS, and Linux.

• Advanced Access Controls: We will introduce granular access controls, allowing users to define permissions and share encrypted files securely with specific individuals or groups.

• Enhanced Performance: Our team will focus on optimizing the encryption and decryption algorithms to ensure faster processing times, even for large files.

Stay tuned for further updates on our upcoming proprietary product, which will revolutionize the way you secure your sensitive text data.

Conclusion

PlainTextVault is an open-source project that showcases the power of cryptography in securing plain text files. By leveraging the AES-GCM encryption algorithm, implementing PBKDF2 key derivation, and incorporating additional security measures, PlainTextVault provides a robust solution for protecting sensitive information.

As we continue to develop and refine PlainTextVault, we welcome contributions from the open-source community. If you have any suggestions, bug reports, or feature requests, please feel free to open an issue or submit a pull request on our GitHub repository.

Join us on this exciting journey as we work towards launching our proprietary product, which will take the capabilities of PlainTextVault to new heights. Stay tuned for more updates and get ready to experience the future of secure text encryption!