
Show HN: html-vault – create self-contained HTML for password protected content - dividuum
https://github.com/dividuum/html-vault
======
aurorabbit
On the topic of toy web crypto projects, here's mine:
[https://emojicrypt.com/](https://emojicrypt.com/)

It offers scrypt + aes-gcm, encoded into 256 emoji; all the crypto is in
[https://github.com/aurorabbit/libemojicrypt/blob/master/prot...](https://github.com/aurorabbit/libemojicrypt/blob/master/protocol.1.js)
(I could have went without a subrepo, but in theory it makes non-web
integration or alternate interfaces simple.)

It's based off of ricmoo's scrypt.js, pfrazee's base-emoji, and WebCrypto.

Output contains a header (with N/r parameters), salt, IV, and HMAC. Room for a
dozen more protocol versions as well.

It's abandoned, looking for a loving home! Work for some new (and some
unimplemented) features is laid out here:
[https://github.com/aurorabbit/emojicrypt.com/issues](https://github.com/aurorabbit/emojicrypt.com/issues)

~~~
dividuum
Nice. Did you measure the performance of scrypt.js? The PBKDF2 implementation
in Python and both Chrome/Firefox are similar for me and the Python
documentation states something like 3x slower that the OpenSSL implementation
[1]. So it sounds pretty usable to strengthen the password while still being
usable.

[1]
[https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf...](https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf2_hmac)

~~~
aurorabbit
Thanks! I didn't, but maybe I should have. I thought the API of scrypt.js
would work well and don't think I came across anything better. I also figure
scrypt is plainly better than PBKDF2; being designed from ground up for key
lengthening and offering memory hardness. I figure bitcoin ASICs might be
repurpose-able to attack PBKDF2; though I'm not sure if that's a threat, and I
imagine it mostly somewhat applies to scrypt anyway because of litecoin and
friends. If I were more worried I would have researched the default parameters
more, I think this is 128- vs 256-bit territory.

------
camsjams
Nice! I made something similar to this: [https://github.com/camsjams/mr-
roboto](https://github.com/camsjams/mr-roboto)

With a slight difference, it works 100% in the browser, you can use it here:
[https://camsjams.github.io/mr-roboto/](https://camsjams.github.io/mr-roboto/)

But you need to store the output somewhere safe.

~~~
dividuum
Nice. I guess the big difference is the key used for the symmetric encryption.
I'm using PBKDF2 to derive the final key to make it harder to brute force in
case you get the HTML file.

------
maxlaumeister
Hey! I also made something similar to this (uses a password-derived key to
create protected, self-contained HTML).

[https://www.maxlaumeister.com/pagecrypt/](https://www.maxlaumeister.com/pagecrypt/)

Mine was originally in-browser, but thanks to some contributors (Zoltán Gálli
and Nial Francis) it has Python and PowerShell CLIs now.

I like your use of async to make sure the work stays off the main thread.

~~~
Tepix
I like it! Works well. Do you see a way to reduce the required code?

~~~
maxlaumeister
I just glanced through it again, and it seems to me that aside from styling,
every section of code fulfills an important purpose. But it could definitely
benefit from being more broken out into components and library-like, so that
the only code surfaced in index.html is the UI code.

~~~
Tepix
Looks like your code predates the Web Crypto API, so switching over to that
should get rid of more than half the code. Right?

------
Tepix
It took way too long on my laptop (i5-6200U). With a decent random password
(say, 14 letters), the search space will be very large. If a determined
attacker (with a couple of GPUs) can attempt 100.000 passwords per second it
will still be impossible to crack in an acceptable time.

If we assume that this determined attacker is calculating these hashes 100.000
faster than the average browser, it should be enough if the user has to wait
for one second, not one minute.

On the other hand everyone has different security requirements so perhaps
making it configurable is the best way to go proceed (with some
recommendations).

PS according to
[https://github.com/analsec/hashcatbenchmark/blob/master/Nvid...](https://github.com/analsec/hashcatbenchmark/blob/master/Nvidia/rtx_2080ti.txt)
a RTX 2080Ti can crack 750k WPA-EAPOL-PBKDF2 with 4096 rounds per second.

------
sowbug
Similar: [https://github.com/sowbug/quaid](https://github.com/sowbug/quaid)

~~~
dividuum
Indeed. The project motivation is even similar to mine (bootstrap yourself in
case everything gets lost). I guess the main difference between the two is
that I tried to make the generated HTML minimal so it's easier to verify
before entering a password.

------
eitland
This might take a moment it said but I think I waited two minutes with no
result in sight.

~~~
dividuum
If there's no error message in the browser console, I guess the 20 million
PBKDF2 might be a bit much. Which browser are you using?

~~~
eitland
Recent release of Firefox, on a developer laptop.

Edit: add more details.

------
bmsleight_
Works, but takes a little while. Nice -useful

~~~
dividuum
That's very much by design. The idea is that even if the file is stolen, a
good password should still protect against a lot of bruteforcing.

~~~
mc3
By design? Or running code in the browser is inefficient? (not your fault,
that's the way it is) Keepass (Desktop app) for example doesn't take ages to
open.

~~~
dividuum
Yes: By design. This helps make brute forcing the password harder by forcing
each attempt to take a while. The crypto implementation in the browser itself
is pretty fast.

You can easily make it faster or instantaneous by lowering the number of
PBKDF2 rounds in the html-vault script. The default of 20 million seems a bit
excessive based on the feedback so far.

