MX² is a minimal, portable, ASCII-safe format for encrypting high-entropy secrets using established cryptography (Argon2id + XChaCha20-Poly1305). Designed for transparency and reproducibility, it protects long-term secrets without depending on proprietary systems.
MX² — A Portable, Password-Protected XChaCha20-Poly1305 + Argon2id Container Format
MX² (MAX 2 eXcryption) is a portable, verifiable container format for long-term secret storage. It relies on well-studied cryptographic techniques (Argon2id for password hardening and XChaCha20-Poly1305 for encryption) to encrypt sensitive information in a minimal, ASCII-safe form. The primary goal of MX² is to provide an auditable and reproducible mechanism across platforms without reliance on proprietary algorithms or specific ecosystems.
Features
- Portable ASCII-safe container for easy transport of secrets
- Deterministic format allowing reproducibility of key derivation
- Zero cloud dependency, ensuring complete control of data
- Suitable for QR encoding, facilitating convenient secret sharing
- Fully auditable by researchers and developers
- Reproducibility across different implementations and platforms
Core Functionality
MX² operates as a password-protected vault. The user's password is not the source of the long-term key material; it only unlocks the MX² container. The container stores two high-entropy secret phrases that together act as a root secret, from which an unlimited number of deterministic keys can be derived. These keys can serve various purposes, such as per-device authentication or identity material, and no private keys need to be stored on disk.
How MX² Works
The functioning of MX² can be summarized as follows:
- User Password: Only the password is needed for the user to access their secrets.
- MX² Container: This portable encrypted vault holds a JSON record (designated MAXREC) with long-term secret material. The encryption key is derived from the password, ensuring secure storage of the contained information.
- Secret Phrases: Two high-entropy phrases stored within the container act as the foundation for deriving multiple keys deterministically.
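The deterministic derivation described above, sketched as an added example (not MX² code and not taken from its specification). HKDF-SHA256, the fixed salt, the length-prefixed phrase encoding and the purpose labels are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import unicodedata

# Assumed fixed domain-separation salt for this sketch; not an MX² parameter.
SALT = b"example-root-salt-v1"

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: condense the input keying material into a PRK."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("requested output too long for HKDF-SHA256")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def encode_phrase(phrase: str) -> bytes:
    # Normalise so the same phrase typed on different platforms yields the same
    # bytes, then length-prefix so ("ab", "c") and ("a", "bc") cannot collide.
    raw = unicodedata.normalize("NFKC", phrase).encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw

def derive_key(phrase_a: str, phrase_b: str, purpose: str, length: int = 32) -> bytes:
    """Derive one purpose-bound key from the two root phrases (hypothetical scheme)."""
    ikm = encode_phrase(phrase_a) + encode_phrase(phrase_b)
    prk = hkdf_extract(SALT, ikm)
    return hkdf_expand(prk, purpose.encode("utf-8"), length)

if __name__ == "__main__":
    a, b = "constructed phrase one", "constructed phrase two"  # constructed sample input
    for purpose in ("device:laptop", "device:phone"):
        print(purpose, derive_key(a, b, purpose).hex())
```

Because each key is recomputed from the phrases and a label, only the encrypted container has to be stored; a derived key that leaks does not reveal the root phrases or the keys for other labels.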
Use Cases
MX² is ideal for various applications, including but not limited to:
- Creating encrypted backups
- Transporting secrets via QR codes
- Building password-based vaults across multiple platforms
- Implementing deterministic key derivation systems
- Facilitating offline recovery workflows
- Establishing reproducible secret containers for research purposes
Security and Verification
MX² relies on recognized cryptographic standards: Argon2id for password hardening and XChaCha20-Poly1305 for authenticated encryption. No server is involved, and all cryptographic material remains strictly on the user's device.
Research and Development
The transparent design of MX² allows researchers to verify and audit it independently, including inspecting its format and parameters, and it is compatible across platforms such as macOS, Linux, and Windows. Full interoperability tests verify that MX² operates consistently between different implementations, enhancing confidence in its design and usability.
For further information or to contribute to enhancing the cryptographic framework, refer to the MX² specifications and explore its potential applications in secure data management.