
José Carrillo edited this page Jun 13, 2026 · 2 revisions

.zefer File Analyzer

The /analyzer page produces a deep security report for any .zefer file without the passphrase. The file is read locally with the File API — nothing is uploaded. It is a superset of the CLI's zefer info. Naturally, only public/structural information is available; everything sealed inside the AES-256-GCM ciphertext (expiration, IP allowlist, secret question, max attempts, and the content itself) stays invisible.

What it reports

Public header

  • Format: ZEFB3, ZEFR3, or a legacy format (ZEFER3/ZEFER2).
  • Content mode (text or file).
  • PBKDF2 iterations and the corresponding KDF level.
  • Compression method, sizes, reveal-key presence, and any public hint/note.

Structural integrity

  • Walks the chunk framing (the 4-byte length prefixes after the salt + IV) and flags corrupted or truncated files.
  • Shows the encrypted chunk count and an estimated content size (ciphertext minus the 16-byte GCM tags).

Ciphertext randomness

  • Shannon entropy over a 64 KB sample. Proper AES output is ≈ 8.0 bits/byte; low values flag corruption or fake "ciphertext".

Cryptographic identifiers

  • The salt and base IV in hex (these are public by design).
  • A full-file SHA-256 fingerprint for out-of-band integrity verification.

KDF resistance table

  • Per-GPU guess rate derived from the file's PBKDF2 iterations (≈ 10¹⁰ SHA-256/s ÷ (2 · iterations)), with crack times for typical passphrase strengths (28 / 45 / 72 / 400 bits) against a 1,000-GPU fleet.
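
The arithmetic behind such a table, as an added example (not the analyzer's own code). It uses the formula and figures quoted above; the function names, the 600,000-iteration sample, and the choice to report time to exhaust the full keyspace rather than an average are assumptions.

```javascript
// Added example: figures below are the ones quoted on this page.
const SHA256_PER_SEC_PER_GPU = 1e10;      // ≈ 10¹⁰ SHA-256/s per GPU
const FLEET_GPUS = 1000;                  // 1,000-GPU fleet
const STRENGTH_BITS = [28, 45, 72, 400];  // typical passphrase strengths
const YEAR = 365.25 * 24 * 3600;

// Page formula: per-GPU guess rate = SHA-256 rate ÷ (2 · iterations).
function guessesPerSecondPerGpu(iterations) {
  if (!Number.isInteger(iterations) || iterations < 1) {
    throw new RangeError("iterations must be a positive integer");
  }
  return SHA256_PER_SEC_PER_GPU / (2 * iterations);
}

// Assumption: worst case, i.e. time to try every one of the 2^bits candidates.
function secondsToExhaust(bits, iterations, gpus = FLEET_GPUS) {
  return Math.pow(2, bits) / (guessesPerSecondPerGpu(iterations) * gpus);
}

// Render a duration in the largest unit that fits.
function humanize(seconds) {
  if (seconds < 1) return "< 1 second";
  const units = [["years", YEAR], ["days", 86400], ["hours", 3600],
                 ["minutes", 60], ["seconds", 1]];
  for (const [name, size] of units) {
    if (seconds >= size) {
      const v = seconds / size;
      return (v >= 1e6 ? v.toExponential(2) : v.toFixed(1)) + " " + name;
    }
  }
}

// One row per passphrase strength for a given PBKDF2 iteration count.
function resistanceTable(iterations) {
  return STRENGTH_BITS.map((bits) => {
    const seconds = secondsToExhaust(bits, iterations);
    return { bits, seconds, human: humanize(seconds) };
  });
}

// Constructed sample: 600,000 iterations is not read from a real .zefer file.
console.table(resistanceTable(600000));
```

Doubling the iteration count doubles every row, while each extra bit of passphrase strength also doubles it, which is why the 28-bit row stays weak at any realistic KDF level.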

Security observations

  • Severity-tagged findings: weak KDF level, public hint/note exposure, reveal-key access surface, compression side-channel, low entropy, or broken structure.

Why metadata stays hidden

Because Zefer seals expiration, IP rules, the secret question, and attempt limits inside the encrypted payload (see Security Architecture and Binary File Format), the analyzer — like anyone without the passphrase — can describe the file's shape and KDF strength but cannot read its protections or its contents.

CLI / MCP equivalents

  • zefer info <file> — the public-header summary (CLI).
  • zefer_inspect — the deep analysis as an MCP tool (MCP Server).

📖 Glossary — terms on this page: public header · ZEFB3 / ZEFR3 · PBKDF2 · salt · IV · authentication tag · entropy · hash (SHA-256) · chunk. Full list in the Glossary.
