This reminds me of LifeLock CEO's Todd Davis public challenge [1] when he revealed his Social Security number prominently on his site and billboards with overconfidence that his identity cannot be stolen but, unfortunately, he's been a victim of identity theft at least 13 times.
> Portable Secret is not a product and it is barely a project
You are such a humble person as you clearly stated why this thing was built. I am, in no way, claiming that you are too confident in your work, despite it being a cool project that can be used by privacy-aware techies. Your expression Crack me if you can just triggered LifeLock's story from the deepest part of my mind.
Your tool would be safer if you used CBC (with some MAC) rather than GCM as the cipher mode, so that key & IV reuse would not be as dangerous. That said, since you generate a different salt and IV every time, the likelihood of key & IV reuse is very low, and having to implement an AEAD cipher mode by generic construction would be somewhat annoying. So I think the choice of GCM is fine enough.
This reminds me of LifeLock CEO's Todd Davis public challenge [1] when he revealed his Social Security number prominently on his site and billboards with overconfidence that his identity cannot be stolen but, unfortunately, he's been a victim of identity theft at least 13 times.
1. https://www.wired.com/2010/05/lifelock-identity-theft/