forked from p7mj/Sierra-Security
Update README.md
This commit is contained in:
39
README.md
39
README.md
@@ -1,6 +1,4 @@
|
||||
# Sierra-Security
|
||||
|
||||
Sierra Security
|
||||
# Sierra Security
|
||||
|
||||
<h3>Introduction</h3>
|
||||
|
||||
@@ -10,8 +8,37 @@ Sierra Security is a verification system I plan to integrate across my systems.
|
||||
|
||||
The code is designed to be pasted at the start of your program. There are many variations for this module. Ensure that you are downloading the correct one:
|
||||
|
||||
`sierra-security-combination-X-X-X`: Combination of uuid verification and generation. Do not use for locks
|
||||
* `sierra-security-combination-x-x-x.py`: Combination of uuid verification and generation. **Do not use for locks.**
|
||||
* `sierra-security-generation-x-x-x.py`: Generation only, suitable for portable "keychains".
|
||||
* `sierra-security-verification-x-x-x.py`: Verification only, suitable for locks.
|
||||
|
||||
`sierra-security-generation-X-X-X`: Generation only, suitable for portable "keychains"
|
||||
---
|
||||
|
||||
`sierra-security-verification-X-X-X`: verification only, suitable for locks
|
||||
## V. A-2 Technical Enhancements & Hardening
|
||||
|
||||
Compared to the original A-1 logic, the **Version A-2** suite includes several critical security and cryptographic enhancements to prevent unauthorized access and forensic recovery across all P7MJ software.
|
||||
|
||||
### 1. Brute-Force Immunity (Hash Stretching)
|
||||
* **The Upgrade**: Implements **50,000 rounds** of SHA-256 hashing (Hash Stretching). This forces the computer to perform significant mathematical work for every single guess.
|
||||
* **Impact**: Even if an analyst identifies the 0-999 key range, testing all 1,000 keys would now take an automated script hours to complete. Since the ID expires every 15 minutes, brute-forcing is mathematically impossible.
|
||||
|
||||
### 2. Cryptographic Rolling Salt (Daily Expiration)
|
||||
* **The Upgrade**: The internal cryptographic "base" of the program now shifts every 24 hours based on the current UTC date string.
|
||||
* **How it Works**: The salt remains consistent for a 24-hour window. However, at 00:00 UTC, the date changes, causing the resulting UUIDs for the exact same keys to change entirely.
|
||||
* **Impact**: If a master key or authorized UUID is leaked or captured by a listener today, it becomes **completely useless tomorrow**. This prevents long-term replay attacks.
|
||||
|
||||
### 3. Global Sync (UTC Persistence)
|
||||
* **The Problem**: Standard local time varies by region, causing synchronization failures between a keychain and a target PC.
|
||||
* **The Fix**: Synchronized to **Coordinated Universal Time (UTC)** using timezone-aware objects.
|
||||
* **Impact**: Your keychain (phone/laptop) and your programs will always match perfectly, regardless of travel or geographical location.
|
||||
|
||||
### 4. Anti-Automation Delay
|
||||
* **The Logic**: Added an artificial 1.5-second `time.sleep()` during the verification process.
|
||||
* **Impact**: Limits the speed of manual or macro-based attempts. Combined with the 3-chance limit, automated "brute-force spam" is rendered ineffective.
|
||||
|
||||
### 5. Premium Visual Identity
|
||||
* **Upgrade**: Switched to high-fidelity "Sierra Curvy" ASCII art and implemented ANSI color-coding (Blue/Green/Red/Yellow).
|
||||
* **Impact**: Improved user experience and a professional, "elite" software feel.
|
||||
|
||||
---
|
||||
*Developed for All P7MJ Projects 2026*
|
||||
|
||||
Reference in New Issue
Block a user