Two-secret combiner
SHA3-256 and BLAKE2b-256 are computed independently per passphrase, then XOR-mixed with domain separation.
Two passphrases.
One repeatable key.
KeyWeaver derives the same high-entropy cryptographic key from the same two passphrases — every time, on any machine. No salt to lose. No keyfile to back up. Just the recipe.
# Derive a VeraCrypt-compatible key with Argon2id
python keyweaver.py --kdf argon2id --veracrypt --fingerprintWhy KeyWeaver
Three modern KDFs
Choose PBKDF2-SHA512 for portability, scrypt for memory hardness, or Argon2id for the modern best practice.
Fully deterministic
Same passphrases plus the same parameters always produce the same key. Re-derive on any machine, any time.
VeraCrypt-ready
Output as full hex, 32-byte VeraCrypt hex, or a binary keyfile written with restrictive permissions.
CLI and GUI
Scriptable command line for automation. Tkinter GUI for one-off derivations — no extra dependencies.
Safety guards
Strength meter, minimum-entropy enforcement, clipboard auto-clear, atomic keyfile writes, and a one-way fingerprint for cross-checks.
How it works
Two passphrases pass through independent two-hash constructions, are XOR-combined with domain separation, then stretched through a memory-hard KDF.
Passphrase 1
Passphrase 2
SHA3-256 ‖ BLAKE2bperson = VC2_P1
SHA3-256 ‖ BLAKE2bperson = VC2_P2
XOR — combined block (64 bytes)
KDF stretch (PBKDF2 / scrypt / Argon2id)
Final key — 128 bytes
- Two-hash construction. SHA3-256 and BLAKE2b-256 are unrelated families; concatenating their digests gives 64 bytes of mixed material per passphrase.
- Personalization. BLAKE2b's
personparameter isVC2_P1for the first passphrase andVC2_P2for the second, so swapping inputs yields a different key. - XOR combiner. The two 64-byte blocks are XORed. The result inherits the entropy of the strongest input.
- Deterministic salt. Salt =
SHA512(label ‖ combined_block), preserving determinism. - KDF stretch. PBKDF2-SHA512, scrypt, or Argon2id is run over the combined block to produce the final 128-byte key.
Install
Python 3.8 or newer. The Argon2id KDF requires argon2-cffi, which is included in the requirements file.
# Clone
git clone https://github.com/MuchDevSuchCode/KeyWeaver.git
cd keyweaver
# Install dependencies
pip install -r requirements.txt
# Run the CLI
python keyweaver.py --help
# Run the GUI
python keyweaver_gui.pyCommon recipes
VeraCrypt 32-byte key, Argon2id, with fingerprint
python keyweaver.py --kdf argon2id --veracrypt --fingerprintBinary keyfile, scrypt, restrictive permissions
python keyweaver.py --kdf scrypt --output-mode keyfile \
--keyfile ~/secrets/vol1.keyCopy to clipboard, auto-clear in 60 seconds
python keyweaver.py --kdf argon2id --copy --copy-timeout 60Refuse weak passphrases
python keyweaver.py --min-entropy 100KDF parameter guidance
⚠ Parameters are part of the determinism contract. Pick once, write them down, and never change them for a given key — otherwise you cannot reproduce that key.
| KDF | Default | Tighter | Notes |
|---|---|---|---|
| PBKDF2-SHA512 | iter=600 000 |
iter=2 000 000+ |
Stdlib only. No memory hardness. |
| scrypt | N=16 384, r=8, p=1≈16 MiB |
N=1 048 576≈1 GiB |
Memory-hard. Strong GPU resistance. |
| Argon2id | m=65 536, t=3, p=164 MiB |
m=1 048 576, t=41 GiB |
Modern best practice. Recommended for new deployments. |
Security
Protects against
- Disclosure of one passphrase alone.
- Cross-context reuse (domain-separated personalization).
- Race conditions on keyfile creation (atomic
O_EXCLwrites, mode0600).
Does not protect against
- Compromise of the running process (memory dumps, keyloggers).
- Disclosure of both passphrases — by design.
- Disclosure of the derived key or written keyfile.
- Weak passphrases — pick long, high-entropy, non-reused secrets.
Memory wiping is best-effort: Python cannot reliably erase immutable strings.
Internal buffers use bytearray and are zeroed after use.
For high-value workflows, run on a system with encrypted swap and locked memory pages.
Try it
One file, one dependency, one deterministic key.
Get KeyWeaver →