Diffstat (limited to 'doc')
-rw-r--r-- doc/details.mdwn 34
-rw-r--r-- doc/index.mdwn 16
-rw-r--r-- doc/news/version_0.20160927.mdwn 20
-rw-r--r-- doc/news/version_0.20161006.mdwn 10
-rw-r--r-- doc/news/version_0.20161007.mdwn 9
-rw-r--r-- doc/news/version_0.20161022.mdwn 12
-rw-r--r-- doc/news/version_0.20161107.mdwn 14
-rw-r--r-- doc/news/version_0.20170122.mdwn 8
-rw-r--r-- doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn 10
-rw-r--r-- doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment 17
-rw-r--r-- doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment 8
11 files changed, 88 insertions, 70 deletions
diff --git a/doc/details.mdwn b/doc/details.mdwn
index e0f85e5..b014b2b 100644
--- a/doc/details.mdwn
+++ b/doc/details.mdwn
@@ -363,3 +363,37 @@ This could be used in several ways:
objects for both. If the user is being forced to give up their keysafe
name and password, they could provide the fake name, and if it were
used, their data would get deleted from the keysafe servers.
+
+### Better object-id derivation
+
+An idea from Ben M:
+
+> I was the fellow who mentioned using an HMAC instead of
+> append-index-and-hash to generate the object-ids in keysafe.
+>
+> That's probably an okay approach if you need to bind the output to a
+> particular input string, but on reflection (unless I missed something)
+> it would be equivalent for keysafe to take a stream and chop it up, then
+> just "number" the chunks sequentially.
+>
+> In that case, the "most correct" choice would probably be HKDF (RFC5869
+> [1]). Specifically, the second part of HKDF -- "HKDF-Expand".
+>
+> (The first part, HKDF-Extract, is appropriate to apply /before/ key
+> stretching, but stretching itself serves much the same purpose --
+> removing "structure" from the input key. Especially given that Argon2
+> is designed specifically to handle user passwords, I expect that
+> HKDF-Extract is entirely unnecessary here.)
+>
+> HKDF is what TLS 1.3 will use to expand its per-session master keys into
+> individual keys for encryption and MACing [2], and AFAIK is generally
+> considered The Right Way to generate a stream of distinct keys from a
+> master key, where the compromise of any key should not permit derivation
+> of the others.
+>
+> So, um. Pretend I never mentioned HMAC, but spruiked HKDF instead :)
+>
+> (Of course, this is pretty much bikeshedding. A first pre-image attack
+> on SHA-2 in the near term would be a rude shock, and a full break would
+> break HKDF too. But HKDF may prove more robust in the face of partial
+> breaks, giving more time to move everyone to a new hash or scheme.)
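Review bot: The quoted text cites [1] (after "RFC5869") and [2] (after "encryption and MACing"), but the added lines carry no matching reference list, so both markers dangle. Add the two links below the quote or turn them into inline links. The section also records the idea without saying whether keysafe intends to adopt it; a sentence on that, and on what a changed derivation would mean for the object-ids of backups already stored with append-index-and-hash, would make the note actionable.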
diff --git a/doc/index.mdwn b/doc/index.mdwn
index e0cda48..873eb35 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -40,14 +40,20 @@ For a more in-depth explanation, and some analysis of different attack
vectors (and how keysafe thwarts them), see [[details]].
Also, there's a [[FAQ]].
+Here's a video explaining keysafe:
+
+<html>
+<video controls width=400 src="http://mirror.linux.org.au/pub/linux.conf.au/2017/securely_backing_up_gpg_private_keys_to_the_cloud.webm"></video>
+</html>
+
## News
-[[!inline pages="code/keysafe/news/* and !*/Discussion" show="3"]]
+[[!inline pages="news/* and !*/Discussion" show="3"]]
## Installation
-Keysafe is now available in Debian experimental. Install it from there, or
-from source.
+Keysafe is now available in [Debian experimental](https://wiki.debian.org/DebianExperimental).
+Install it from there, or from source.
## Git repository
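Review bot: The added video element loads its src over plain http://, so a reader viewing the site over https may get a mixed-content block, and the video can be altered in transit; use an https URL if the mirror offers one. The element also has no fallback content, so a browser that cannot play webm shows nothing; put a direct link to the file inside the element, and quote the width value (width="400") for consistency with the src attribute.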
@@ -63,9 +69,9 @@ libraries, and zenity. For example, on a Debian system:
sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity
-Then to build and install keysafe:
+Then to build and install keysafe, cd into its source tree and run:
- stack install keysafe
+ stack install
Note that there is a manpage, but stack doesn't install it yet.
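Review bot: The new wording "cd into its source tree and run:" assumes the reader already has a checkout, but nothing in this hunk says where that tree comes from. Point back to the Git repository section so the step is complete. Since the trailing line still says stack doesn't install the manpage, it would also help to say how to read or install it from the checkout the reader is now in.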
diff --git a/doc/news/version_0.20160927.mdwn b/doc/news/version_0.20160927.mdwn
deleted file mode 100644
index 1787aa5..0000000
--- a/doc/news/version_0.20160927.mdwn
+++ /dev/null
@@ -1,20 +0,0 @@
-keysafe 0.20160927 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Makefile: Avoid rebuilding on make install, so that sudo make install works.
- * Added --chaff-max-delay option for slower chaffing.
- * Fix embedded copy of Argon2 to not use Word64, fixing build on 32 bit
- systems.
- * Randomize the server list.
- * Don't upload more than neededshares-1 shares to Alternate servers
- without asking the user if they want to do this potentially dangerous
- action.
- * Added a second keysafe server to the server list. It's provided
- by Marek Isalski at Faelix. Currently located in UK, but planned move
- to CH. Currently at Alternate level until verification is complete.
- * Server: --motd can be used to provide a Message Of The Day.
- * Added --check-servers mode, which is useful both at the command line
- to see what servers keysafe knows about, and as a cron job.
- * Server: Round number of objects down to the nearest thousand, to avoid
- leaking too much data about when objects are uploaded to servers.
- * Filter out escape sequences and any other unusual characters when
- writing all messages to the console."""]] \ No newline at end of file
diff --git a/doc/news/version_0.20161006.mdwn b/doc/news/version_0.20161006.mdwn
deleted file mode 100644
index 2758b34..0000000
--- a/doc/news/version_0.20161006.mdwn
+++ /dev/null
@@ -1,10 +0,0 @@
-keysafe 0.20161006 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * New --add-storage-directory and --add-server options, which can be used
- to make keysafe backup/restore using additional locations.
- * Removed --store-local option; use --add-storage-directory instead.
- * Fix bugs with entry of gpg keyid in the keysafe.log.
- * Fix bug in --autostart that caused the full gpg keyid to be
- used to generate object names, which made restores would only work
- when --gpgkeyid was specifid.
- * Remove embedded copy of argon2 binding, depend on fixed version of package."""]] \ No newline at end of file
diff --git a/doc/news/version_0.20161007.mdwn b/doc/news/version_0.20161007.mdwn
deleted file mode 100644
index a7e8468..0000000
--- a/doc/news/version_0.20161007.mdwn
+++ /dev/null
@@ -1,9 +0,0 @@
-keysafe 0.20161007 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Check if --store-local directory is writable.
- * Removed dependency on crypto-random.
- * Added a LSB init script, for non-systemd systems.
- (It currently uses Debian's start-stop-daemon, so would need porting
- for other distributions.)
- * /etc/default/keysafe is read by both the systemd service file and the
- init script, and contains configuration for the keysafe server."""]] \ No newline at end of file
diff --git a/doc/news/version_0.20161022.mdwn b/doc/news/version_0.20161022.mdwn
deleted file mode 100644
index e54f26e..0000000
--- a/doc/news/version_0.20161022.mdwn
+++ /dev/null
@@ -1,12 +0,0 @@
-keysafe 0.20161022 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Add keywords to desktop file.
- Thanks, Sean Whitton
- * Fix use of .IP macro in manpage.
- Thanks, Sean Whitton
- * Fix some mispellings.
- Thanks, Sean Whitton
- * Makefile: Propagate LDFLAGS, CFLAGS, and CPPFLAGS through ghc.
- * Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack.
- * Makefile: Allow setting BUILDEROPTIONS=-j1 to avoid concurrent
- build, which should make build reproducible."""]] \ No newline at end of file
diff --git a/doc/news/version_0.20161107.mdwn b/doc/news/version_0.20161107.mdwn
deleted file mode 100644
index d98987e..0000000
--- a/doc/news/version_0.20161107.mdwn
+++ /dev/null
@@ -1,14 +0,0 @@
-keysafe 0.20161107 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * The third keysafe server is now available, provided by Purism.
- * Purism's keysafe server has been vetted to Recommended level!
- * Change default for --port to 4242.
- * Fix --check-server to not fail when the server has not had anything
- stored on it yet.
- * --upload-queued: Exit nonzero if unable to upload all queued objects.
- * --autostart: If unable to upload all queued objects initially,
- delay between 1 and 2 hours and try again.
- * Better suggestion when user is having difficulty thinking of a strong
- enough password.
- * Defer requesting secret key from gpg until just before backup, so the
- user knows why gpg is asking for this secret key to be backed up."""]] \ No newline at end of file
diff --git a/doc/news/version_0.20170122.mdwn b/doc/news/version_0.20170122.mdwn
new file mode 100644
index 0000000..de03c93
--- /dev/null
+++ b/doc/news/version_0.20170122.mdwn
@@ -0,0 +1,8 @@
+keysafe 0.20170122 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Adjust cabal bounds to allow building with ghc 8.0.
+ However, the stack.yaml is still using an old LTS version
+ to avoid polynomial's failure to build with ghc 8.0
+ (https://github.com/mokus0/polynomial/issues/8)
+ * Clarify that dollars in cost estimates are USD.
+ * Keysafe has a new website, https://keysafe.branchable.com/"""]] \ No newline at end of file
diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn
new file mode 100644
index 0000000..c05748c
--- /dev/null
+++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__.mdwn
@@ -0,0 +1,10 @@
+New version of raaz is released and will hopefully end up in debian expt. soon.
+It would be good if we can get keysafe to use the new interface as there is some breakage
+but hope fully good ones.
+
+
+Ref.
+
+https://github.com/raaz-crypto/raaz/issues/278
+
+> [[done]] --[[Joey]]
diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment
new file mode 100644
index 0000000..0c9734e
--- /dev/null
+++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_1_5f3f9b9337e82674dc03a3de4b96ac9f._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-03-03T19:30:06Z"
+ content="""
+Got it to compile without a great deal of difficulty. Only needed changes
+around random data generation, and that is done with secure memory now
+(in cases where it matters), which is nice! (Although I still need to do
+further work to make keysafe use exclusively secure memory for gpg key
+related material.)
+
+Keysafe's test suite passes, so this *probably* avoids breaking restore of
+keys backed up before.
+
+I've committed this to master but want to test it some more before
+releasing.
+"""]]
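Review bot: The remaining work named in the parenthesis ("I still need to do further work to make keysafe use exclusively secure memory for gpg key related material") lives only in a comment under a todo that this same change marks [[done]]. Open a separate todo item for it so it is not lost when this one is closed.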
diff --git a/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment
new file mode 100644
index 0000000..eb8a106
--- /dev/null
+++ b/doc/todo/Update_to_new_version_of_raaz___40__0.1.1__41__/comment_2_06f4ff0c86aa877656cee67ff054e9b1._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2017-03-03T20:15:04Z"
+ content="""
+Tested restore of key backed up with a previous keysafe release; still
+works after this conversion.
+"""]]
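Review bot: "a previous keysafe release" does not say which release produced the backup that was restored. Naming the version here would make the compatibility check repeatable and would show how far back restore has been confirmed.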