From 186908e1ae2e5f9c2aa64832798fb8f36f5c0842 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 11 Aug 2017 18:58:59 -0400 Subject: add news item for keysafe 0.20170811 --- doc/news/version_0.20170811.mdwn | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 doc/news/version_0.20170811.mdwn diff --git a/doc/news/version_0.20170811.mdwn b/doc/news/version_0.20170811.mdwn new file mode 100644 index 0000000..814ab10 --- /dev/null +++ b/doc/news/version_0.20170811.mdwn @@ -0,0 +1,3 @@ +keysafe 0.20170811 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Updated to http-client 0.5.3, servant 0.11, and stackage lts-9.0."""]] \ No newline at end of file -- cgit v1.2.3 From 70ac4cb64cc610eff6ed70b5ab81122fb4071615 Mon Sep 17 00:00:00 2001 From: sandipan Date: Sun, 3 Dec 2017 15:12:20 +0000 Subject: removed --- doc/index.mdwn | 93 ---------------------------------------------------------- 1 file changed, 93 deletions(-) delete mode 100644 doc/index.mdwn diff --git a/doc/index.mdwn b/doc/index.mdwn deleted file mode 100644 index 5c0c670..0000000 --- a/doc/index.mdwn +++ /dev/null @@ -1,93 +0,0 @@ -Keysafe securely backs up a gpg secret key or other short secret to the cloud. - -This is not intended for storing Debian Developer keys that yield root on -ten million systems. It's about making it possible for users to use gpg who -currently don't, and who would find it too hard to use `paperkey` to back -up and restore their key as they reinstall their laptop. - -Not yet ready for production use! Needs security review! -May run over your dog! Not suitable for bitcoin keys! - -## Screenshots - -See [[screenshots]]. (Keysafe can also run in text mode in a terminal.) - -## How it works, basically - -The secret key is encrypted using a password, and is split into three -shards, and each is uploaded to a server run by a different entity. Any two -of the shards are sufficient to recover the original key. So any one server -can go down and you can still recover the key. - -Keysafe checks your password strength (using the excellent but not perfect -[zxcvbn library](https://github.com/tsyrogit/zxcvbn-c)), -and shows an estimate of the cost to crack your password, -before backing up the key. - -[[screenshots/4.png]] -(Above is for the password "makesad spindle stick") - -Keysafe is designed so that it should take millions of dollars of computer -time to crack any fairly good password. (This is accomplished using -[Argon2](https://en.wikipedia.org/wiki/Argon2).) -With a truely good password, such as four random words, the cracking cost -should be many trillions of dollars. - -The password is the most important line of defense, but keysafe's design -also makes it hard for an attacker to even find your encrypted secret key. - -For a more in-depth explanation, and some analysis of different attack -vectors (and how keysafe thwarts them), see [[details]]. -Also, there's a [[FAQ]]. - -Here's a video explaining keysafe: - - - - - -## News - -[[!inline pages="news/* and !*/Discussion" show="3"]] - -## Installation - -Keysafe is now available in [Debian experimental](https://wiki.debian.org/DebianExperimental). -Install it from there, or from source. - -## Git repository - -`git clone git://keysafe.branchable.com/ keysafe` or -`git clone https://git.joeyh.name/git/keysafe.git/` - -All tags and commits in this repository are gpg signed, and you should -verify the signature before using it. - -## Building from source - -You should first install Haskell's stack tool, the readline and argon2 -libraries, and zenity. For example, on a Debian system: - - sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity - -Then to build and install keysafe, cd into its source tree and run: - - stack install - -Note that there is a manpage, but stack doesn't install it yet. - -## Reporting bugs - -Post to [[todo]] or email - -## Servers - -See [[servers]] for information on the keysafe servers. - -## License - -Keysafe is licensed under the terms of the AGPL 3+ - -## Thanks - -Thanks to Anthony Towns for his help with keysafe's design. -- cgit v1.2.3 From 81da10b66d2163b2e2cfed9754f825f2758b081c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 10 Mar 2018 12:20:53 -0400 Subject: Revert "removed" This reverts commit 70ac4cb64cc610eff6ed70b5ab81122fb4071615. --- doc/index.mdwn | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 doc/index.mdwn diff --git a/doc/index.mdwn b/doc/index.mdwn new file mode 100644 index 0000000..5c0c670 --- /dev/null +++ b/doc/index.mdwn @@ -0,0 +1,93 @@ +Keysafe securely backs up a gpg secret key or other short secret to the cloud. + +This is not intended for storing Debian Developer keys that yield root on +ten million systems. It's about making it possible for users to use gpg who +currently don't, and who would find it too hard to use `paperkey` to back +up and restore their key as they reinstall their laptop. + +Not yet ready for production use! Needs security review! +May run over your dog! Not suitable for bitcoin keys! + +## Screenshots + +See [[screenshots]]. (Keysafe can also run in text mode in a terminal.) + +## How it works, basically + +The secret key is encrypted using a password, and is split into three +shards, and each is uploaded to a server run by a different entity. Any two +of the shards are sufficient to recover the original key. So any one server +can go down and you can still recover the key. + +Keysafe checks your password strength (using the excellent but not perfect +[zxcvbn library](https://github.com/tsyrogit/zxcvbn-c)), +and shows an estimate of the cost to crack your password, +before backing up the key. + +[[screenshots/4.png]] +(Above is for the password "makesad spindle stick") + +Keysafe is designed so that it should take millions of dollars of computer +time to crack any fairly good password. (This is accomplished using +[Argon2](https://en.wikipedia.org/wiki/Argon2).) +With a truely good password, such as four random words, the cracking cost +should be many trillions of dollars. + +The password is the most important line of defense, but keysafe's design +also makes it hard for an attacker to even find your encrypted secret key. + +For a more in-depth explanation, and some analysis of different attack +vectors (and how keysafe thwarts them), see [[details]]. +Also, there's a [[FAQ]]. + +Here's a video explaining keysafe: + + + + + +## News + +[[!inline pages="news/* and !*/Discussion" show="3"]] + +## Installation + +Keysafe is now available in [Debian experimental](https://wiki.debian.org/DebianExperimental). +Install it from there, or from source. + +## Git repository + +`git clone git://keysafe.branchable.com/ keysafe` or +`git clone https://git.joeyh.name/git/keysafe.git/` + +All tags and commits in this repository are gpg signed, and you should +verify the signature before using it. + +## Building from source + +You should first install Haskell's stack tool, the readline and argon2 +libraries, and zenity. For example, on a Debian system: + + sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity + +Then to build and install keysafe, cd into its source tree and run: + + stack install + +Note that there is a manpage, but stack doesn't install it yet. + +## Reporting bugs + +Post to [[todo]] or email + +## Servers + +See [[servers]] for information on the keysafe servers. + +## License + +Keysafe is licensed under the terms of the AGPL 3+ + +## Thanks + +Thanks to Anthony Towns for his help with keysafe's design. -- cgit v1.2.3 From d198036e101240f2126515936646b2f963889cd6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 10 Mar 2018 12:23:08 -0400 Subject: don't embed video avoid http content warning video is not available over https, so only link to it --- doc/index.mdwn | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/doc/index.mdwn b/doc/index.mdwn index 5c0c670..0770bd9 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -38,13 +38,8 @@ also makes it hard for an attacker to even find your encrypted secret key. For a more in-depth explanation, and some analysis of different attack vectors (and how keysafe thwarts them), see [[details]]. -Also, there's a [[FAQ]]. - -Here's a video explaining keysafe: - - - - +Also, there's a [[FAQ]], and a +[video explaining keysafe](https://mirror.linux.org.au/pub/linux.conf.au/2017/securely_backing_up_gpg_private_keys_to_the_cloud.webm). ## News -- cgit v1.2.3 From 09e2de4dccba643e797e2837cf987da4e79dd7ee Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 10 Mar 2018 12:24:53 -0400 Subject: add forum --- doc/forum.mdwn | 4 ++++ doc/index.mdwn | 6 ++++++ 2 files changed, 10 insertions(+) create mode 100644 doc/forum.mdwn diff --git a/doc/forum.mdwn b/doc/forum.mdwn new file mode 100644 index 0000000..af5229b --- /dev/null +++ b/doc/forum.mdwn @@ -0,0 +1,4 @@ +This is a place to discuss using etckeeper, share tips and tricks, etc. +If you need help, advice, or anything, post about it here. + +[[!inline pages="forum/* and !*/Discussion" archive=yes rootpage=forum postformtext="Add a new thread titled:"]] diff --git a/doc/index.mdwn b/doc/index.mdwn index 0770bd9..e2fc6cc 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -86,3 +86,9 @@ Keysafe is licensed under the terms of the AGPL 3+ ## Thanks Thanks to Anthony Towns for his help with keysafe's design. + +[[!sidebar content=""" +[[FAQ]] +[[todo]] +[[forum]] +"""]] -- cgit v1.2.3 From 5c0cc9b2f754b4abff7b6d3f3925ce26138d5a60 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 10 Mar 2018 12:27:16 -0400 Subject: typo --- doc/forum.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/forum.mdwn b/doc/forum.mdwn index af5229b..5b57b57 100644 --- a/doc/forum.mdwn +++ b/doc/forum.mdwn @@ -1,4 +1,4 @@ -This is a place to discuss using etckeeper, share tips and tricks, etc. +This is a place to discuss using keysafe, share tips and tricks, etc. If you need help, advice, or anything, post about it here. [[!inline pages="forum/* and !*/Discussion" archive=yes rootpage=forum postformtext="Add a new thread titled:"]] -- cgit v1.2.3 From 473e0484d6408e014243071fbe0698c03dd6ebe8 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 10 Mar 2018 12:28:58 -0400 Subject: caps --- doc/index.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/index.mdwn b/doc/index.mdwn index e2fc6cc..28fa831 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -89,6 +89,6 @@ Thanks to Anthony Towns for his help with keysafe's design. [[!sidebar content=""" [[FAQ]] -[[todo]] -[[forum]] +[[Todo]] +[[Forum]] """]] -- cgit v1.2.3 From 8af994320d3cd343e038bd9721c5ecc80e4b9246 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 26 Mar 2018 07:39:13 -0400 Subject: Updated to argon2-1.3. New parameters are set to the old values and test suite passes so this looks good. This commit was sponsored by Nick Daly on Patreon. --- CHANGELOG | 6 ++++++ ExpensiveHash.hs | 7 +++---- Tunables.hs | 4 ++++ keysafe.cabal | 3 ++- stack.yaml | 5 ++++- 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index af81330..f1b119d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +keysafe (0.20170812) UNRELEASED; urgency=medium + + * Updated to argon2-1.3. + + -- Joey Hess Mon, 26 Mar 2018 07:33:45 -0400 + keysafe (0.20170811) unstable; urgency=medium * Updated to http-client 0.5.3, servant 0.11, and stackage lts-9.0. diff --git a/ExpensiveHash.hs b/ExpensiveHash.hs index 6fab15c..4a01194 100644 --- a/ExpensiveHash.hs +++ b/ExpensiveHash.hs @@ -11,6 +11,7 @@ import Tunables import Cost import Serialization () import qualified Data.Text as T +import Data.Text.Short (toText) import qualified Data.ByteString as B import qualified Crypto.Argon2 as Argon2 import Raaz.Core.Encode @@ -31,12 +32,10 @@ data Salt t = Salt t expensiveHash :: Encodable t => ExpensiveHashTunable -> Salt t -> B.ByteString -> ExpensiveHash expensiveHash (UseArgon2 cost opts) (Salt s) b = ExpensiveHash cost $ - -- Using hashEncoded here and not hash, - -- because of this bug: - -- https://github.com/ocharles/argon2/issues/3 - Argon2.hashEncoded opts b argonsalt + either hashfailed toText $ Argon2.hashEncoded opts b argonsalt where -- argon salt cannot be shorter than 8 bytes, so pad with spaces. argonsalt = let sb = toByteString s in sb <> B.replicate (8 - B.length sb ) 32 + hashfailed e = error ("hash generation failed: " ++ show e) diff --git a/Tunables.hs b/Tunables.hs index 5c28a39..2e96b8c 100644 --- a/Tunables.hs +++ b/Tunables.hs @@ -112,6 +112,8 @@ defaultTunables = Tunables let Divisibility n = d in fromIntegral n , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } d = Divisibility 4 -- argon2 uses 4 threads @@ -156,6 +158,8 @@ proofOfWorkHashTunable addits = , Argon2.hashMemory = 1000 , Argon2.hashParallelism = 4 , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } where nits = 20 + addits diff --git a/keysafe.cabal b/keysafe.cabal index 188d02a..575a131 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -36,11 +36,12 @@ Executable keysafe -- changes to these could break backup/restore, so when loosening -- the version ranges, it's important to run keysafe --test secret-sharing == 1.0.* - , argon2 == 1.2.* + , argon2 == 1.3.* , raaz == 0.1.1 , base (>= 4.5 && < 5.0) , bytestring == 0.10.* , text == 1.2.* + , text-short == 0.1.* -- Changes to these dependencies should not impact the data that -- keysafe backs up and restores. , deepseq == 1.4.* diff --git a/stack.yaml b/stack.yaml index 6704d6b..7baf51a 100644 --- a/stack.yaml +++ b/stack.yaml @@ -2,8 +2,11 @@ packages: - '.' resolver: lts-9.0 extra-deps: -- argon2-1.2.0 +- argon2-1.3.0.0 - secret-sharing-1.0.0.3 - dice-entropy-conduit-1.0.0.1 - polynomial-0.7.3 +- finite-field-0.8.0 +- text-short-0.1.2 +- zxcvbn-c-1.0.1 explicit-setup-deps: -- cgit v1.2.3 From 8adbfac38a1d6b206c6e40f70f73aaa555435b8e Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 26 Mar 2018 08:12:25 -0400 Subject: releasing package keysafe version 0.20180326 --- CHANGELOG | 4 ++-- keysafe.cabal | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index f1b119d..dd0d751 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,8 +1,8 @@ -keysafe (0.20170812) UNRELEASED; urgency=medium +keysafe (0.20180326) unstable; urgency=medium * Updated to argon2-1.3. - -- Joey Hess Mon, 26 Mar 2018 07:33:45 -0400 + -- Joey Hess Mon, 26 Mar 2018 08:12:00 -0400 keysafe (0.20170811) unstable; urgency=medium diff --git a/keysafe.cabal b/keysafe.cabal index 575a131..10803fc 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -1,5 +1,5 @@ Name: keysafe -Version: 0.20170811 +Version: 0.20180326 Cabal-Version: >= 1.8 Maintainer: Joey Hess Author: Joey Hess -- cgit v1.2.3