Ideally we'd be able to send a user a link to the repo including a short password and then they'd be able to download and decrypt the repo with that password.
It seems like argon2 is the current state of the art in key derivation. Here's the thinking:
- Add a plain text file to the encrypted repo which contains
- The key derivation salt and other inputs
- The key length, potentially for each key
- Some kind of encryption "version" or algorithm information
- This would allow for future upgrades of the protocols in use, etc
This would allow somebody knowing the password and having the repo contents to be able to decrypt, while still making the contents without the password impossible (currently computationally infeasible) to decrypt.
Ideally we'd be able to send a user a link to the repo including a short password and then they'd be able to download and decrypt the repo with that password.
It seems like argon2 is the current state of the art in key derivation. Here's the thinking:
This would allow somebody knowing the password and having the repo contents to be able to decrypt, while still making the contents without the password impossible (currently computationally infeasible) to decrypt.