ths-csprng 1.2.0 → 1.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -22
- package/package.json +7 -13
package/README.md
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
|
|
11
11
|
[](https://github.com/harnuma9/temporal-hardening-solution-csprng/blob/main/LICENSE)
|
|
12
12
|
|
|
13
|
-
[](https://badge.socket.dev/npm/package/ths-csprng/1.2.3)
|
|
14
14
|
[](https://harnuma9.github.io/donate/)
|
|
15
15
|
|
|
16
16
|
<br />
|
|
@@ -226,27 +226,6 @@ However, the most critical threats involve **real-world hardware vulnerabilities
|
|
|
226
226
|
|
|
227
227
|
<br />
|
|
228
228
|
|
|
229
|
-
### ✅ Scope of Protection
|
|
230
|
-
|
|
231
|
-
The **THS-CSPRNG wrapper** is specifically engineered to mitigate scenarios where an adversary attempts to:
|
|
232
|
-
|
|
233
|
-
1. **State Reconstruction**: Reconstruct the historical state of your machine at the precise moment a key was generated. (a core concern in [Cryptanalysis](https://en.wikipedia.org/wiki/Cryptanalysis)).
|
|
234
|
-
2. **VM Replication**: Exploit **VM snapshots** or “cloning” events that cause multiple instances to produce identical, non-unique “random” output.
|
|
235
|
-
3. **Entropy Subversion**: Bypass or predict hardware entropy sources via [manufacturer backdoors](https://en.wikipedia.org/wiki/Hardware_backdoor) or side-channel influence.
|
|
236
|
-
|
|
237
|
-
<br />
|
|
238
|
-
|
|
239
|
-
### ❌ Limitations (What it can’t protect)
|
|
240
|
-
|
|
241
|
-
Although it is a CSPRNG wrapper, engineered to protect generated secrets from theoretical to real-world risks, it does not protect you from:
|
|
242
|
-
|
|
243
|
-
1. **Actual time travelers**: They can travel from any time physically; that is cheating. A threat model specifically mitigates against any “observations” from 3D observers in the future using speculative “sci-fi” technologies.
|
|
244
|
-
2. **Malware, Spyware, Exploits, etc.**: If your device is compromised at the OS level or pre-loaded with spyware, an adversary doesn't need to predict your entropy—they can simply **[intercept the final generated secrets](https://en.wikipedia.org/wiki/Form_grabbing)** from memory.
|
|
245
|
-
3. **Physical Extraction**: If an adversary has physical access to your hardware and a soldering iron (or a very cold can of compressed air for a “[Cold Boot](https://en.wikipedia.org/wiki/Cold_boot_attack)” attack), they are bypassing the RNG logic entirely to target the stored result *(while TEEs and memory encryption help, physical access might be a game-over scenario)*.
|
|
246
|
-
4. **Human errors**: High-quality entropy cannot save you from logic errors. Hardened seeds are useless if you accidentally log them to a public console, hardcode them into an automated script, or fall victim to a social engineering / **[MITM attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)**.
|
|
247
|
-
|
|
248
|
-
<br />
|
|
249
|
-
|
|
250
229
|
> [!NOTE]
|
|
251
230
|
>
|
|
252
231
|
> **Hardening Level 3 (Heavy)** is computationally expensive by design. It is intended for generating long-term master keys or seeds.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "ths-csprng",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.3",
|
|
4
4
|
"description": "Temporal-Hardening Solution: A CSPRNG wrapper designed to resist historical state reconstruction and hardware backdoors.",
|
|
5
5
|
"author": "Aries Harbinger",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -36,6 +36,7 @@
|
|
|
36
36
|
"node": ">=20"
|
|
37
37
|
},
|
|
38
38
|
"scripts": {
|
|
39
|
+
"init": "npm i --no-bin-links",
|
|
39
40
|
"build": "bash update.sh",
|
|
40
41
|
"verify": "bash verify.sh",
|
|
41
42
|
"test": "node --test ./test/test_suite.js && node --test ./test/benchmark.js",
|
|
@@ -44,30 +45,23 @@
|
|
|
44
45
|
},
|
|
45
46
|
"keywords": [
|
|
46
47
|
"csprng",
|
|
48
|
+
"drbg",
|
|
47
49
|
"cryptography",
|
|
48
50
|
"entropy",
|
|
49
51
|
"random",
|
|
50
52
|
"temporal-hardening",
|
|
51
53
|
"argon2",
|
|
52
|
-
"sha3",
|
|
53
|
-
"keccak",
|
|
54
54
|
"security",
|
|
55
55
|
"kmac"
|
|
56
56
|
],
|
|
57
|
-
"
|
|
57
|
+
"dependencies": {
|
|
58
58
|
"@noble/hashes": "^2.2.0"
|
|
59
59
|
},
|
|
60
|
-
"peerDependenciesMeta": {
|
|
61
|
-
"@noble/hashes": {
|
|
62
|
-
"optional": false
|
|
63
|
-
}
|
|
64
|
-
},
|
|
65
60
|
"devDependencies": {
|
|
66
|
-
"@
|
|
67
|
-
"
|
|
68
|
-
"docdash": "^2.0.2"
|
|
61
|
+
"@types/node": "^25.8.0",
|
|
62
|
+
"typedoc": "^0.28.19"
|
|
69
63
|
},
|
|
70
64
|
"publishConfig": {
|
|
71
65
|
"access": "public"
|
|
72
66
|
}
|
|
73
|
-
}
|
|
67
|
+
}
|