Can I password protect all tiddlers with a given tag?

Tihnessa · June 8, 2024, 7:13pm

It’s been a long time since I last looked into using TiddlyWiki (pre TW5 days) and I’m amazed at how much it’s developed.

My question is pretty much as the title; can I password protect all tiddlers with a given tag while allowing access to any others? I’m setting up a wiki for an RPG I’m planning and would like to be able to share it with my players without either having to duplicate effort or have my players nosing into places they shouldn’t.

Apologies if this has been asked before; I did try Google, but just got overwhelmed with the results.

Many thanks,
David Shaw

vilc · June 8, 2024, 8:37pm

There have been some threads about the important plugin Encrypt Tiddler, e.g. this one: Anyone use the Encrypt Tiddler Plugin?
but I don’t think anyone has asked this exact question. Which I happen to have already answered for myself sometime ago

I have created some tweaks that make this easy, basing on Encrypt Tiddler plugin, take a look here: wilk-tweaks — TW tweaks, settings, styles, palettes.

My additions make it easy to encrypt/decrypt all tiddlers with a given tag all at once using the same password ¹. They also prevent from saving by clicking the save button if the tiddlers are not encrypted (it does not prevent saving by keyboard shortcut though).
So this is not a good solution for very sensitive data in a public wiki, but it should be just alright for hiding a part of an RPG wiki.
Feel free to ask if you have any questions about it.

¹ As far as I understand, encrypting multiple tiddlers with the same password shouldn’t be a security loophole (as in making it easier to brute force or otherwise break), I’d be happy if anyone with knowledge on the topic could confirm.

pmario · June 10, 2024, 2:26am

Having different passwords actually makes it harder to decrypt the whole content. Except if your passwords are weak. Eg: if you guess one of them eg: PW and the others are PW1, PW2 and so on.

vilc · June 10, 2024, 5:55am

Thank you. Maybe the question should be phrased differently. Assuming we have a non-guessable password, is encrypting multiple tiddlers with this password substantially easier to break than encrypting the whole wiki with the same password?

In any case, I think the risk of accidentally saving in the non-encrypted state is much higher than that of anyone brute forcing the encrypted tiddlers. So as I already said, this approach is good for hiding parts of a game from friends, but not good for anything more serious.

pmario · June 10, 2024, 6:21am

Assuming we have a non-guessable password,

Breaking 1 password is difficult.
Breaking several passwords is more difficult.

You have to put a similar amount of work into breaking each password.

Encryption algorithms are made to have a completely different output, as soon as 1 bit in the encryption key changes.

A rule of thumb using strong encryption is: The cost to break encryption should be higher than the cost to “develop the content” on your own.

That’s only 1 reason where encryption can be used.

pmario · June 10, 2024, 7:03am

Strong encryption can be used to “hide parts of a game from friends”, since it’s relatively easy to use it. It will work, since the “cost” to break the encryptions will definitely outweigh the “cost” to create the content on your own.

That’s not true. The default settings used by the TW encryption library, are still good for sensitive data stored offline. I would not publish any sensitive data online, where everyone has access.

Because the internet does not forget and we do not know, how good future decryption hacks will get.

See: Query: How secure is the inbuilt encryption option in TW? - #16 by pmario