GhosText

Inspiration

inspired from a post on X that says "If u still think that your messages are safe , you are still living in an illusion. Encryption isn't a luxury; it's a necessity."

What it does

Encrypt and decrypt messages directly in your terminal using secure symmetric encryption (Fernet) derived from a custom password. GhostText ensures that your messages remain ephemeral, accessible only with the correct key/password.

How we built it

Core Language: Developed entirely in Python 3 for speed, readability, and cross-platform compatibility.Cryptographic Foundation: Leveraged the production-grade cryptography library, avoiding the rookie mistake of "rolling our own crypto".Key Derivation: Implemented PBKDF2HMAC (Password-Based Key Derivation Function 2) with SHA-256 and 480,000 iterations to stretch user passwords into secure 32-byte keys.Symmetric Encryption: Integrated Fernet (AES-128 in CBC mode with HMAC authentication) to ensure that messages cannot be read or altered without the correct key.

Challenges we ran into

Windows Unicode/Encoding Crash: Encountered a critical UnicodeEncodeError when trying to print the ghost emojis (👻) in standard Windows environments running CP1252 encoding. We solved this by configuring standard I/O streams to force UTF-8 compatibility.Password-to-Key Mapping: Standard Fernet requires a strictly formatted, URL-safe base64 encoded 32-byte key. Mapping a simple human-readable text password to this strict format required setting up a secure key derivation pipeline.Balancing Ephemerality: Keeping everything strictly in RAM meant avoiding standard file inputs/outputs, which forced us to design a pure, terminal-driven interactive loop.

Accomplishments that we're proud of

Functional Visual Identity: Created a distinct, cyberpunk-inspired ASCII art terminal interface that works smoothly upon launch.Bulletproof Error Handling: Prevented the application from crashing when a user inputs a wrong key or a corrupted ciphertext, replacing ugly traceback errors with clean, user-friendly security warnings.Zero-Knowledge Architecture: Successfully built a tool that encrypts data without ever caching, saving, or transmitting the user's master password.What we learned

What we learned

Windows vs. Unix Terminal Behaviors: Gained hands-on experience with environmental variables and encoding differences across operating systems.Key Derivation Mechanics: Learned how salts and stretching iterations protect weaker passwords against modern brute-force and rainbow table attacks.Symmetric vs. Asymmetric Trade-offs: Deepened our understanding of when to use symmetric encryption (fast, single shared secret) versus asymmetric encryption.

What's next for GhosText

Local Executable Compilation: Package the script into a standalone binary executable using PyInstaller so users can run GhosText without needing Python installed. Local Executable Compilation: Package the script into a standalone binary executable using PyInstaller so users can run GhosText without needing Python installed.

Built With

• cryptography
• fernet
• python