path: root/HTTP
Commit message (Author, Age)
* support slightly older version of deps (Joey Hess, 2020-02-14)
  Needed for slightly old lts, needed by debian since their stack is well out of date.
* updated many dependencies, ghc 8.x (Joey Hess, 2020-02-14)
  Updated many dependencies, notably secret-sharing which dropped the dep on polynomial, and so allows building with ghc 8.x. Did not try to support building with older ghc because the semigroup-monoid transition would make it nontrivial. Stackage lts-14.25 is a compromise, since the stack shipped in debian (even unstable) is not able to handle newer ones. This commit was sponsored by Eric Drechsel on Patreon.
* updated to http-client 0.5.3, servant 0.11 and stackage lts-9.0 (Joey Hess, 2017-08-10)
  servant broke backwards compatibility; did not try to maintain back-compat (would be possible). New http-client exported some stuff I need; simplified code; did not try to maintain back-compat, although it would not be hard. Test suite passes. This commit was sponsored by Øyvind Andersen Holm.
* Fix build with some versions of servant. (Joey Hess, 2017-04-03)
  Application is exported by Servant 0.8.1, but apparently not by some other versions that the cabal file allows to be used. Explicitly import from Network.Wai
* fix bad patch in 6c289708280f721338a3f334196cf92f99ea2d14 (Joey Hess, 2017-04-03)
  That did not compile it seems and seems I didn't test it either before applying. This should do the same thing.
* fix indent (Joey Hess, 2017-03-22)
* one more instance of showBase16 removed. (Piyush P Kurur, 2017-03-22)
* Updated to use raaz-0.1.1. (Joey Hess, 2017-03-03)
  This commit was sponsored by John Peloquin on Patreon.
* Removed dependency on crypto-random. (Joey Hess, 2016-10-07)
  Use raaz for random bytestring generation exclusively. It was already used in all important places, but chaffing was using crypto-random. Note that System.Random is used for delays during chaffing and by random-shuffle.
* New --add-storage-directory and --add-server options (Joey Hess, 2016-10-06)
  * New --add-storage-directory and --add-server options, which can be used to make keysafe backup/restore using additional locations.
  * Removed --store-local option; use --add-storage-directory instead.
  This commit was sponsored by Thomas Hochstein on Patreon.
* move level from Server to Storage (Joey Hess, 2016-10-06)
  This allows local storage locations to have levels too, and also get shuffled nicely. This commit was sponsored by Ethan Aubin.
* Server: Round number of objects down to the nearest thousand, to avoid leaking too much data about when objects are uploaded to servers. (Joey Hess, 2016-09-27)
* Added --check-servers mode, which is useful both at the command line to see what servers keysafe knows about, and as a cron job. (Joey Hess, 2016-09-27)
  This commit was sponsored by Jake Vosloo on Patreon.
* Server: --motd can be used to provide a Message Of The Day. (Joey Hess, 2016-09-27)
  This commit was sponsored by Anthony DeRobertis on Patreon.
* allow servers to have multiple or no addresses (Joey Hess, 2016-09-22)
  This allows the server list to contain 3 servers although only 1 is running so far; uploads to the others will be queued. It also allows a server to be spread among multiple addresses, which may be useful later for scaling. This changes BackupRecord serialization, but it's not been in a keysafe release yet, so that's not a problem. This commit was sponsored by Boyd Stephen Smith Jr. on Patreon.
* Added --backup-server and --restore-server (Joey Hess, 2016-09-15)
  To aid in backing up keysafe servers with minimal information leakage. This commit was sponsored by Andrea Rota.
* rejigger to avoid division underflow (Joey Hess, 2016-09-14)
* Make rate limiter adapt to ongoing load more quickly -- every 15 minutes instead of every 60. (Joey Hess, 2016-09-14)
* Reduce number of buckets in rate limiter, avoiding ones with very low proof of work. (Joey Hess, 2016-09-14)
  This got out of whack when sections were converted to rationals; there were buckets that needed trivial proofs of work, and having these extra buckets increased the total possible throughput.
* format (Joey Hess, 2016-09-14)
* Revert "add date to logger" (Joey Hess, 2016-09-14)
  This reverts commit 0f0aa21ea11f6eae368326b178d4c3eaf5cc5186. Dunno why, but this prevents it printing anything. Needs investigation.
* catch exceptions in eg, tor socket setup (Joey Hess, 2016-09-14)
  Socks can throw exceptions at connection time, and these are not caught by the ExceptT, so catch at a higher level, and catch all exceptions to prevent the client crashing.
* Store information about backed up keys in ~/.keysafe/backup.log (Joey Hess, 2016-09-14)
  This can be deleted by the user at any time, but it's useful in case a server is known to be compromised, or a problem is found with keysafe's implementation that makes a backup insecure. This commit was sponsored by Nick Daly on Patreon.
* constructed the bloom filter wrong (Joey Hess, 2016-09-14)
* use less expensive hash for proof of work (Joey Hess, 2016-09-13)
  The server has to run the hash once to verify a request, so a hash that took 4 seconds could make the server do too much work if it's being flooded with requests. So, made the hash much less expensive. This required keeping track of fractional seconds. Actually, I used Rational for them, to avoid most rounding problems. That turned out nice. I've only tuned the proofOfWorkHashTunable on my fanless overheating laptop so far. It seems to be fairly reasonably tuned though.
* eliminate half the bloom filters, using HMAC to verify RequestIDs (Joey Hess, 2016-09-13)
  Simplifies code, uses less memory, and don't need to protect against flooding generation of RequestIDs, since the server does not store them at all. Note that the RequestIDSecret is only stored in ram, so restarting the server will invalidate any RequestIds given out before. It would be possible now to store that on disk to avoid that problem, but probably not worth it.
* made fallback request queue fair (Joey Hess, 2016-09-13)
  Once on the queue, requests should not need to contend with other requests that are not on the queue, so added a fallback request bucket. tokenBucketWait is not fair, so ensure FIFO processing of the queue by using a FairRWLock.
* add date to logger (Joey Hess, 2016-09-13)
* use fast-logger for better logging (Joey Hess, 2016-09-13)
* implemented dynamic rate limiting (Joey Hess, 2016-09-13)
* improved rate limiter (Joey Hess, 2016-09-13)
  Now caps total request rate even if attacker is willing to burn infinite CPU on PoW.
* got my usec conversion wrong (Joey Hess, 2016-09-13)
* Revert "refactor" (Joey Hess, 2016-09-13)
  This reverts commit 48ec718a6211a71ae0a796eb1c3a6ea091dc6e14.
* got my usec conversion wrong (Joey Hess, 2016-09-13)
* refactor (Joey Hess, 2016-09-13)
* half the fill rate (Joey Hess, 2016-09-13)
  This decreases the possible maximumStorageRate by half, down from 10 gb/month to 5 gb/month. Which is probably a tolerable amount for many servers; that's 16 months to fill up a terabyte disk.
* use half as many token buckets (Joey Hess, 2016-09-13)
  (down from 7 to 4) This decreases the possible maximumStorageRate by half, down from 18 gb/month to 10 gb/month.
* maximumStorageRate calculation (Joey Hess, 2016-09-13)
* use token bucket as the random salt generation rate limiter (Joey Hess, 2016-09-13)
  This avoids a 1s delay in requests, except when an attacker is flooding them.
* refactor (Joey Hess, 2016-09-12)
* add proof of work to countobjects (Joey Hess, 2016-09-12)
  In this case, an empty string is hashed to generate the PoW.
* implement client-server Proof Of Work (Joey Hess, 2016-09-12)
  Mashed up an argon2-based PoW with token buckets and bloom filters. This is intended to prevent a few abuses including:
  * Using a keysafe server for general file storage, by storing a whole lot of chunks.
  * An attacker guessing names that people will use, and uploading junk to keysafe servers under those names, to make it harder for others to use keysafe later.
  * An attacker trying to guess the names used for objects on keysafe servers in order to download them and start password cracking. (As a second level of defense, since the name generation hash is expensive already.)
  Completely untested, but it builds! This commit was sponsored by Andreas on Patreon.
* new module (Joey Hess, 2016-09-12)
* added --store-directory (Joey Hess, 2016-08-31)
* Added basic test suite. (Joey Hess, 2016-08-30)
* make server default to only listening to localhost (Joey Hess, 2016-08-29)
  This way, the tor hidden service using it will be the only way it's exposed.
* refactor (Joey Hess, 2016-08-28)
* better error for invalid object size (Joey Hess, 2016-08-28)
* simplify http api, remove apiversion (Joey Hess, 2016-08-28)
  Not needed since all routes are tagged with the api version.
* http: refuse to store object of unexpected size (Joey Hess, 2016-08-28)