Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | implement client-server Proof Of Work | Joey Hess | 2016-09-12 |
| | | | | | | | | | | | | | | | | | | | Mashed up a argon2-based PoW with token buckets and bloom filters. This is intended to prevent a few abuses including: * Using a keysafe server for general file storage, by storing a whole lot of chunks. * An attacker guessing names that people will use, and uploading junk to keysafe servers under those names, to make it harder for others to use keysafe later. * An attacker trying to guess the names used for objects on keysafe servers in order to download them and start password cracking. (As a second level of defense, since the name generation hash is expensive already.) Completely untested, but it builds! This commit was sponsored by Andreas on Patreon. | ||
* | Removed embedded copy of secret-sharing library, since finite-field only ↵ | Joey Hess | 2016-08-28 |
| | | | | | | supports prime fields. This caused shares to double in size. | ||
* | pin servant to 0.7 | Joey Hess | 2016-08-28 |
| | | | | | | 0.8 also works ok. What does not work is leaving it unpinned and letting servant-0.7 be used with servant-server-0.8. That produces strange compile errors, so pin to avoid. | ||
* | initial http api using servant | Joey Hess | 2016-08-20 |
| | |||
* | use zxcvbn-c for fairly good password entropy estimation | Joey Hess | 2016-08-16 |
| | | | | | This should be good enough to let the keysafe UI comment on how good a password the user chooses. | ||
* | build with stack | Joey Hess | 2016-08-15 |