14 points | YuriiDev | 1 comment

I built SecretMemoryLocker (https://secretmemorylocker.com), a file encryption tool that generates keys dynamically from your answers to personal questions instead of using a static master password. This makes offline brute-force attacks much more difficult. Think of it as a password manager that meets mnemonic seed recovery, but without storing any sensitive keys on disk.

Why? I kept losing master passwords and wanted a solution that wasn't tied to a single point of failure. I also wanted to create a "digital legacy" that my family could access only under specific conditions. The core principle is knowledge-based encryption: the key only exists in memory when you provide the correct answers.

Status:

* MVP is ready for Windows (.exe).

* Linux and macOS support is planned.

* UI is available in English, Spanish, and Ukrainian.

Key Features:

* No Static Secrets: No master password or seed phrase is ever stored. The key is reconstructed on the fly.

* Knowledge-Based Key Generation: The final encryption key is derived from a combination of your personal answers and file metadata.

* Offline Brute-Force Resistance: Uses MirageLoop, a decoy system that activates when incorrect answers are entered. Instead of decrypting real data, it generates an endless sequence of AI-created questions from a secure local database, creating an illusion of progress while keeping your real data untouched.

* Offline AI Generation Mode: Optional offline Q&A generator (prototype).

How It Works (Simplified):

1) Files are packed into an AES-256 encrypted ZIP archive.

2) A JSON key file stores the questions in an encrypted chain. Each subsequent question is encrypted with a key derived from the previous correct answer and the file's hash. This forces you to answer them sequentially.

3) The final encryption key for the ZIP file is derived by combining the hashes of all your correct answers. The key derivation formula looks like this:

  K_final = SHA256(H(answer1+file_hash) + H(answer2+file_hash) + ...)

(Note: We are aware that a fast hash like SHA256 is not ideal for a KDF. We plan to migrate to Argon2 in a future release to further strengthen resistance against brute-force attacks.)

To encrypt, you provide a file. This creates two outputs: your_file.txt → your_file_SMLkey.json + your_file_SecretML.zip

To decrypt, you need both files and the correct answers.

Install & Quick Start: Download the EXE from GitHub Releases (no dependencies needed):

https://github.com/SecretML/SecretMemoryLocker/releases

Encrypt:

  SecretMemoryLocker.exe --encrypt "C:\docs\important.pdf"

Decrypt:

  SecretMemoryLocker.exe --decrypt "C:\docs\important_SMLkey.json"

I would love to get your feedback on the concept, the user experience, and any security assumptions I've made. Thanks!
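The key derivation from step 3 of the post above, as an added example that is not part of the original post or SecretMemoryLocker's own code. It assumes H is SHA-256 over the UTF-8 answer concatenated with a raw file hash, uses constructed sample answers, and swaps in scrypt (Python standard library) for the planned Argon2 to show how the cost of each derivation changes.

```python
import hashlib
import time

# Constructed sample inputs (not from the post).
FILE_HASH = hashlib.sha256(b"constructed file contents").digest()
ANSWERS = ["rex", "lviv", "1987"]

def fast(answer: bytes, file_hash: bytes) -> bytes:
    # The post's inner term H(answer + file_hash); H assumed to be SHA-256.
    return hashlib.sha256(answer + file_hash).digest()

def stretch(answer: bytes, file_hash: bytes) -> bytes:
    # Memory-hard replacement for H: scrypt salted with the file hash.
    # n=2**14, r=8 needs 16 MiB per call, inside OpenSSL's default 32 MiB limit.
    return hashlib.scrypt(answer, salt=file_hash, n=2**14, r=8, p=1, dklen=32)

def k_final(answers, file_hash: bytes, per_answer) -> bytes:
    # K_final = SHA256(f(answer1, file_hash) + f(answer2, file_hash) + ...)
    parts = [per_answer(a.encode("utf-8"), file_hash) for a in answers]
    return hashlib.sha256(b"".join(parts)).digest()

def seconds_per_derivation(per_answer, rounds: int = 3) -> float:
    # Average wall-clock cost of deriving one candidate K_final.
    start = time.perf_counter()
    for _ in range(rounds):
        k_final(ANSWERS, FILE_HASH, per_answer)
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    print("fast key   :", k_final(ANSWERS, FILE_HASH, fast).hex())
    print("scrypt key :", k_final(ANSWERS, FILE_HASH, stretch).hex())
    print("fast   s/derivation:", seconds_per_derivation(fast))
    print("scrypt s/derivation:", seconds_per_derivation(stretch))
```

With the fast hash, the cost of one derivation is a handful of SHA-256 calls, so the strength of the key rests almost entirely on how unpredictable the answers are.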
indianmouse No.45049448
Where is the source code?

How can one expect to run a random executable on their computer?

Virustotal detection.

https://www.virustotal.com/gui/file/c30e7440cabce773c437d69a...

For whatever reasons, provide the source code and let people figure out.

Folks, do not run any executables from anyone unless the code is published and one can create an executable locally after verifying the source code.

Whomsoever it may be and whatsoever the code may perform!

Just stay safe.

- Zero Trust should be the motto for everything. That's mine always!

1. indianmouse No.45049462
If you do not want to publish the source code, then please call it out on your website and explicitly mention it in a striking manner that you are not publishing the source code and it is an executable that anyone has to run to try out the concept.

Let people figure out how to make use of it. Thanks.