Welcome to the Temple of Zeus's Official Forums!


Additional HoS Protection


Hello everyone, after taking some time off from programming due to my busy schedule and the recent loss of my cat, I’m back and ready to dive back into this field.

Today I’d like to introduce you to a very useful system for protecting both the information downloaded to HoS and your login credentials on the website. But it could also be used for personal security—why not?—such as protecting your online accounts or any encrypted offline material not necessarily linked to HoS. There are endless ways to use this tool; it’s very versatile and useful.

This is a tool designed to ensure that our passwords are extremely secure and unbreakable. I’ll try to explain it as simply as possible: This tool turns your password into a password on steroids—even if it’s weak (though a weak password isn’t recommended anyway). Now, as many of you know, if I enter a keyword on any website that converts words to SHA-256 or other hashes, it outputs a unique, deterministic string for that specific keyword.

My program does something similar, but in a much more secure and functional way. First and foremost, for us developers, I’ve made sure that all the details of how it works are available on GitHub; here, I’ll just explain it in simplified terms for everyone.

I think of a password, something like: “Sunny!Dolphin77” (obviously, this isn't my real password; it's a randomly generated one). I paste this password into the form in the program, and I also choose a PIM—a number with as many digits as I want, for example, 6 digits to indicate the number of cycles. I choose a PIM, for example: “563519,” which will also determine the number of iterations. The pepper will remain the default value in the code, which is: “Bastet_Secret_Temple_Key_\u{13060}.” Then I click the button to start the conversion and...

It will return a string like this: ".,6C8E3924C4Ca3-7@86d7137cF4D472a64a9de7BbCa^720bFF893CeC2c4dBE6f5569!28C5a4+b8*1+0$5%b3F05F49D-6bE09D3159160f945ECa4cb596%91~b70E4A55e11C4f37,."

This string is nothing more than our new master password, which could be used, for example, to encrypt the rituals purchased from HoS with the highest level of security and ensure that no one—absolutely NO ONE—can access such confidential material. You can choose it as a password for a VeraCrypt archive, or even better—I have a double-encryption system with a password for the VeraCrypt archive, and inside the VeraCrypt archive I have a .7z file encrypted with AES-256 using another super password. No computer in the world, not even a quantum computer, could break the encryption, since even computers based on the laws of quantum mechanics cannot defy the laws of physics and mathematics; at most, a quantum computer could reduce the security of AES-256 to AES-128, which is still an astronomical figure—not even if all the most powerful computers in the world joined forces to try to guess our password could they succeed. The additional PIM also boosts security astronomically; the string also performs an HMAC calculation by combining the security of SHA-256/SHA-384/SHA-512, adds 50% lowercase characters and 50% uppercase characters, adds a “.,” at the beginning and a “,.” at the end, and randomly adds special characters throughout, making it completely impossible to perform a brute-force attack with our current technologies.

Furthermore, the final layer of protection is provided by the “pepper” embedded in the code; if you modify it, you completely change the deterministic key generation algorithm. You can download the file, change the pepper, and ensure that anyone who needs to decrypt it must also have the file. You can also encrypt the file itself with a simpler password on a hidden computer or hidden partition—the possibilities are endless.

I also put a lot of effort into the graphics, including the tributes to the goddess Bastet (with a statue above the title), and I added an animated vector image below the cipher at the bottom of the page. Using a special algorithm, I managed to generate unique patterns from a single photo of my late cat, who is now the page’s mascot—I don’t think there’s a better way for me to honor her.

I also focused a lot on the animations, as if we were in an Egyptian temple or inside a pyramid; the torches that follow the scroll add a touch of something mystical!!

I’ve also paid meticulous attention to security by adding multiple layers of protection against XSS (Cross-Site Scripting) attacks.

I’ve also avoided using external libraries, opting instead for native libraries in modern browsers—it’s all vanilla code. Most importantly, the code is open source and completely transparent; it’s all contained in a very lightweight .html file of just a few kilobytes. You can download and examine it; if you’re unsure about what it does, you can send the code to be analyzed by an AI, or scan it with VirusTotal. It doesn’t connect to the outside world, and in fact, it’s recommended to download the file and open it locally without an internet connection, so we avoid any kind of leak. Soon I’ll explain another aspect related to security against spyware.

Links:

https://github.com/darkblows/BastetCipher (Source code)
https://darkblows.github.io/BastetCipher/BastetCipher.html (Website)

https://haagenti.netlify.app/ (Website 2° link)

(Additional downloads are listed in my signature in case there are any issues with the main ones.)
__________________________________________________________________________________________________________________________________


I’ll wrap up by sharing some specific tips.

When you start donating and become part of HoS, we have an obligation to ensure that the protected information is read solely and exclusively by us. In my opinion, VeraCrypt is excellent software; for optimal use, you can employ the triple-encryption combo, pair it with a great PIM, and—most importantly—within an encrypted volume, it is strongly recommended to take your security to a paranoid level by placing all files inside an encrypted 7z archive with hidden filenames; this exponentially increases security.

Another tip is always to use Linux and avoid Windows and especially Mac like the plague. If you can’t do without Windows, I recommend either running it in a virtual machine within Linux to run Windows software, or using Wine, or perhaps setting up a Linux/Windows setup where you use Linux for those secret files and Windows for daily tasks. If you’re experienced enough, I also have an additional layer of protection with my LUKS-encrypted drive (I don’t even have a dual boot; I just run Windows in a virtual machine and never open the virtual machine when accessing protected files).

I also recommend disconnecting from the network to prevent any spyware from sending data to a remote server, even though it hasn’t been mentioned that highly advanced spyware can accumulate buffered data that may be sent later after reconnecting, so to avoid this, it is recommended that after opening the files, you restart the computer so that if the buffer is loaded into RAM, it is cleared; if it is loaded into the .cache directory, simply delete it with `rm -rf $HOME/.cache/`, or use programs like BleachBit.



But most importantly, to tell if you’re a victim of spyware, I recommend installing Wireshark, which lets you monitor all network traffic (`sudo apt install wireshark` [recommended to run Wireshark as root]), and if you notice a suspicious address, you can even block it in the hosts file with `sudo nano /etc/hosts`, so you won’t even need advanced configurations with iptables, although UFW is now available to make your life easier. If you’re feeling paranoid, you can use both modified hosts files and UFW together, but only if you know what you’re doing.

One last note: obviously, my program was created specifically for this purpose. You can enter your initial password, which will be converted into the master password that you can use to encrypt files. And since the algorithm is deterministic, all you need to do is keep the program offline, remember the initial password, paste it into the program, and use it to open the protected files!

__________________________________________________________________________________________________________________________________

And with that, my brief guide on both general spyware protection and how to use my program has come to an end!

I hope the explanations were helpful and clear. If you have any questions or need assistance, please don’t hesitate to ask—I’ll try to be more available as I free up time from my other tasks.
 

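The deterministic derivation the post describes (password, PIM as iteration count, pepper), sketched with a standard KDF. This is an added example, not BastetCipher's own code or algorithm, which is documented in its repository. The use of PBKDF2-HMAC-SHA512, the function names and the `effective_bits` estimate are assumptions made for illustration.

```python
import hashlib
import math

# Pepper quoted in the post; "\u{13060}" is assumed to be the JavaScript
# escape for code point U+13060, written here in Python's escape syntax.
DEFAULT_PEPPER = "Bastet_Secret_Temple_Key_\U00013060"


def derive_master(password: str, pim: int, pepper: str = DEFAULT_PEPPER) -> str:
    """Stretch a password with PBKDF2-HMAC-SHA512 (PIM = iterations, pepper = salt)."""
    if pim < 1:
        raise ValueError("PIM must be a positive iteration count")
    raw = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), pepper.encode("utf-8"), pim, dklen=64
    )
    # The ".," prefix and ",." suffix mirror the post's output format; they are
    # fixed text, so they lengthen the string without adding secret material.
    return ".," + raw.hex() + ",."


def effective_bits(password_candidates: int, pim_digits: int,
                   pepper_bits: float = 0.0) -> float:
    """Size of the secret input space, in bits, for someone who holds the tool.

    pepper_bits stays 0 while the published default pepper is left unchanged.
    """
    return math.log2(password_candidates) + pim_digits * math.log2(10) + pepper_bits


if __name__ == "__main__":
    # Inputs are the post's own example values.
    out = derive_master("Sunny!Dolphin77", 563519)
    print(len(out), out[:24] + "...")
    # Constructed scenario: a password drawn from a million likely candidates
    # plus a 6-digit PIM, compared with the 512 bits the output appears to carry.
    print(round(effective_bits(10**6, 6), 2), "bits of secret input vs", 64 * 8, "output bits")
```

Because the mapping is deterministic, the strength of the derived string is bounded by the secrecy of its inputs; the iteration count raises the cost of each guess but does not enlarge that space.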