After discovering Tomb, and a few personal issues with it, I decided to write a very similar program that doesn’t require root access and compiles to a single binary: Graveyard.

Additional information and source code: GitHub.

Also, sorry about the ugly terminal colors, I recently just switched to Artix and haven’t gotten around to making everything look amazing.

Edit: Cleaned up some stuff

  • @cbarrick
    20 · 1 year ago

    It looks like the key-derivation function used here is just a single iteration of sha256 followed by truncating.

    I’m not a security expert, but I’m pretty sure that’s insecure.

    Consider using PBKDF2 or Argon2.

    • DanielOP
      11 · 1 year ago

      Gosh, I’ve really messed up. Fixing immediately, thank you for bringing this to my attention – and I apologize to all y’all.

      • @cbarrick
        2 · 1 year ago

        Again, I’m not a security expert, so maybe your original version was fine for this use case.

        But since dedicated password-based key derivation functions exist, you should probably stick to one of those instead of rolling your own.

        Thanks for fixing this quickly!
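
The difference discussed in this thread, as an added example that is not from the thread or from Graveyard's source: a single truncated SHA-256 pass next to a salted PBKDF2-HMAC-SHA256 derivation whose parameters are stored in a small header. The 16-byte key length, the iteration count, the `KDF1` magic and the header layout are all assumptions made for illustration.

```python
import hashlib
import os
import struct

KEY_LEN = 16           # assumed key size; the thread only says the digest was truncated
ITERATIONS = 600_000   # assumed work factor; tune it to the slowest machine you support
MAGIC = b"KDF1"        # hypothetical header tag
HEADER = struct.Struct(">4sI16s")  # magic, iteration count, 16-byte salt (constructed layout)


def weak_kdf(password: str) -> bytes:
    """The pattern described in the thread: one SHA-256 pass, then truncate.

    No salt and no work factor, so equal passwords always give equal keys
    and each guess costs an attacker a single hash."""
    return hashlib.sha256(password.encode()).digest()[:KEY_LEN]


def new_header(iterations: int = ITERATIONS) -> bytes:
    """Create the per-container parameters, stored in the clear next to the ciphertext."""
    return HEADER.pack(MAGIC, iterations, os.urandom(16))


def derive_key(password: str, header: bytes) -> bytes:
    """Derive the key with PBKDF2-HMAC-SHA256 using the salt and cost from the header."""
    if len(header) != HEADER.size:
        raise ValueError("truncated or oversized KDF header")
    magic, iterations, salt = HEADER.unpack(header)
    if magic != MAGIC or iterations < 1:
        raise ValueError("unrecognised KDF header")
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=KEY_LEN)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    a, b = new_header(), new_header()
    print("weak, run 1 :", weak_kdf(pw).hex())
    print("weak, run 2 :", weak_kdf(pw).hex())        # identical: precomputation works
    print("pbkdf2, hdr a:", derive_key(pw, a).hex())
    print("pbkdf2, hdr b:", derive_key(pw, b).hex())  # differs: the salt is per container
```

Storing the iteration count in the header lets the cost be raised later without breaking containers created with the older value.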