11/24/11 17:59:45 (9 years ago)
Alaric Snell-Pym

ugarit: Fixed non-keyed-hash algorithm, and wrote lots of security stuff in the README.

3 edited


  • release/4/ugarit/trunk/README.txt

    r25565 r25566  
    356356of block, and the salt string, producing hashes that attackers who can
    357357snoop the archive cannot use to find known blocks (see the "Security
    358 model" section below for more details). Whichever hash function you
    359 use, you will need to install the required Chicken egg with one of the
    360 following commands:
     358model" section below for more details).
     360I would recommend that you create a salt string from a secure entropy
     361source, such as:
     363   dd if=/dev/random bs=1 count=64 | base64 -w 0
     365Whichever hash function you use, you will need to install the required
     366Chicken egg with one of the following commands:
    362368    chicken-install -s tiger-hash  # for tiger
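Review bot: The command added at new line 363 relies on `base64 -w 0`, which is a GNU coreutils option, so the README should say so or give a portable alternative. It would also help to state here that the salt must be kept as secret as the encryption key, since the claim at lines 356-357 only holds if the attacker does not know it.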
    401407      (encryption aes ([16|24|32] "We three kings of Orient are, one in a taxi one in a car, one on a scooter honking his hooter and smoking a fat cigar. Oh, star of wonder, star of light; star with royal dynamite"))
     409I would recommend that you generate a long passphrase from a secure
     410entropy source, such as:
     412   dd if=/dev/random bs=1 count=64 | base64 -w 0
    403414Finally, the extra-paranoid can request that Ugarit prompt for a
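Review bot: Lines 409-412 repeat the salt command from line 363 verbatim without saying the passphrase must come from a separate run; add a sentence that the hash salt and the encryption passphrase should be independent values. The text also leaves open how a passphrase of this length relates to the `[16|24|32]` key length shown at line 407, which deserves a sentence.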
    433444      (storage "ssh ugarit@spiderman 'backend-fs splitlog /mnt/ugarit-data /mnt/ugarit-metadata/metadata 900000000'")
    434       (hash tiger "Giung0ahKahsh9ahphu5EiGhAhth4eeyDahs2aiWAlohr6raYeequ8uiUr3Oojoh")
    435       (encryption aes (32 "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"))
     445      (hash tiger "i3HO7JeLCSa6Wa55uqTRqp4jppUYbXoxme7YpcHPnuoA+11ez9iOIA6B6eBIhZ0MbdLvvFZZWnRgJAzY8K2JBQ")
     446      (encryption aes (32 "FN9m34J4bbD3vhPqh6+4BjjXDSPYpuyskJX73T1t60PP0rPdC3AxlrjVn4YDyaFSbx5WRAn4JBr7SBn2PLyxJw"))
    436447      (compression lzma)
    437448      (file-cache "/var/ugarit/cache")
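Review bot: The replacement values at new lines 445-446 have the shape of real output from the recommended `dd | base64` command, which invites copy-and-paste into live configurations even though they are published in the README. Use an obvious placeholder, or add a line saying these example values must never be reused.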
    444455Print a copy out and lock it in your fire safe! Ok, currently, you
    445456might be able to recreate it if you remember where you put the
    446 storage, but encryption keys are harder to remember.
     457storage, but encryption keys and hash salts are harder to remember...
    448459## Your first backup
    964975## Core
     977* Add the option to support full HMAC for salted hashing; make this
     978  the recommended setting, with syntax `(hash tiger hmac "SALT")`, and
     979  require `(hash tiger simple "SALT")` to explicitly request legacy
     980  mode. Note this in the upgrade notes for existing users.
     982* Add the option to append HMACed signatures to the post-encryption
     983  blocks in the archive, to protect against people who tamper with
     984  blocks in order to try and exploit vulnerabilities in the
     985  decompression or decryption code (and to more quickly detect
     986  tampering in the pipeline, to reduce the DoS effect of all that
     987  wasted decryption and decompression, potentially including things
     988  that decrypt to giant amounts of RAM).
     990* When extracting, wrap each restore operation under
     991  extract-directory! with exception handling that logs the error and
     992  then continues with the next dirent in the directory.
     994* Check sensibly-worded conditions are raised when we try and fetch
     995  nonexistant or corrupted blocks from the archive in `archive-get`.
    966997* Make `fold-archive-node`'s listing of tags at the top level report
    967998  the lock status of the tags.
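Review bot: The signature item at lines 982-988 does not say which key the HMAC uses; specify a key separate from both the encryption passphrase and the hash salt so the TODO is not implemented with key reuse. Also, "nonexistant" at line 995 should be "nonexistent".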
    10911122  symbols `.` and `..` being usable as meta-characters to do nothing
    10921123  or to go up a level. Write a utility procedure to parse a string
    1093   into such a form.
     1124  into such a form. Make it recognise and follow symlinks.
     1126* When symlinks are traversed by the path resolver and by the explore
     1127  CLI, make `<tag>/current` be a symlink to the timestamp of the
     1128  current snapshot rather than a clone of it, for neatness.
    10951130## Front-end
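Review bot: The symlink following added at line 1124 needs a stated bound (cycle detection or a maximum hop count), especially as lines 1126-1128 make `<tag>/current` itself a symlink. Add that to the item so the resolver cannot loop on a self-referential link.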
    10991134  passed since last time), or verbose (report every file), or very
    11001135  verbose (report every file and block).
     1137* Make the explore CLI let you cd into symlinks
    11021139* Add a command to force removing a tag lock.
    11621199  backend binary that takes a path to a log file and a backend command
    11631200  line to wrap.
     1202* Invoke the archive unit tests with every compression and encryption
     1203  option, and different hashing algorithms with and without keys
    11651205# Acknowledgements
    12551295  'end'. BUGFIX: Fixed tag locking, which was broken all over the
    12561296  place. Concurrent snapshots to the same tag should now block for one
    1257   another, although why you'd want to *do* that is questionable.
     1297  another, although why you'd want to *do* that is
     1298  questionable. BUGFIX: Fixed generation of non-keyed hashes, which
     1299  was incorrectly appending the type to the hash without an outer
     1300  hash. This breaks backwards compatability, but nobody was using the
     1301  old algorithm, right? I'll introduce it as an option if required.
    12591303* 1.0.1: Consistency check on read blocks by default. Removed warning
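Review bot: The BUGFIX entry at lines 1298-1301 announces a compatibility break without telling users how to tell whether they are affected; say that archives configured without a hash key are the ones affected, and carry this into the upgrade notes. "compatability" at line 1300 should be "compatibility".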
  • release/4/ugarit/trunk/test/run.scm

    r25565 r25566  
    164164               (test-define-values "Close key-stream writer" (ks-hash ks-reused?) ((key-stream-writer-finish! ksw)))
    165165               (test-assert "Key stream did not already exist" (not ks-reused?))
    166                (test "Correct hash"  "3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3test-ks" ks-hash)
     166               (test "Correct hash"  "947020be151022522aec2a98293963156059a7553655fe5a" ks-hash)
    167167               (test "Key stream reads back OK" '() (fold-key-stream a ks-hash 'test-ks cons '()))
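Review bot: The new expected value at line 166 is an opaque literal; add a comment recording how it was derived (outer hash over the inner block hash plus the type name `test-ks`) so a future algorithm change can be checked rather than pasted. The same applies to the sexpr-stream literal at line 258.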
    256256               (test-define-values "Close sexpr-stream writer" (ss-hash ss-reused?) ((sexpr-stream-writer-finish! ssw)))
    257257               (test-assert "Sexpr stream did not already exist" (not ss-reused?))
    258                (test "Correct hash"  "3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3t" ss-hash)
     258               (test "Correct hash"  "ffe0058890b682d7b3da062284635df245d7e209d8a23dee" ss-hash)
    259259               (test "Sexpr stream reads back OK" '() (fold-sexpr-stream a ss-hash 't 'ti cons '()))
  • release/4/ugarit/trunk/ugarit-core.scm

    r25565 r25566  
    8888(no-autoload lzma (compress lzma:compress) (decompress lzma:decompress))
    8989(no-autoload z3 z3:encode-buffer z3:decode-buffer)
    90 (autoload tiger-hash tiger192-digest tiger192-binary-digest)
    9190(no-autoload sha2 sha256-digest sha384-digest sha512-digest sha512-binary-digest)
    9291(no-autoload aes make-aes128-encryptor make-aes128-decryptor make-aes192-encryptor make-aes192-decryptor make-aes256-encryptor make-aes256-decryptor)
    105104(use posix)
    106105(use posix-extras)
     106(use tiger-hash)
    107107(use crypto-tools)
    108108(use stty)
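Review bot: Replacing the `autoload` of tiger-hash (old line 90) with `(use tiger-hash)` at line 106 makes the egg load unconditionally, while sha2 stays `no-autoload`; neither the commit message nor the README hunks mention this. If it is intentional, note in the README that tiger-hash is now required regardless of the configured hash.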
    189189(define (choose-hash-function config)
    190   (let ((make-basic-hash (lambda (hash) (lambda (block type) (string-append (hash block) (symbol->string type)))))
     190  (let ((make-basic-hash (lambda (hash) (lambda (block type) (hash (string-append (hash block) (symbol->string type))))))
    191191        (make-keyed-hash (lambda (hash key) (lambda (block type) (hash (string-append key (hash block) (symbol->string type)))))))
    192192    (match config
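Review bot: After this change `make-basic-hash` at line 190 and `make-keyed-hash` at line 191 differ only in the `key` prefix, so the basic form could be defined as the keyed form with an empty key to stop the two drifting apart again. A one-line comment on why the outer `hash` is needed would also help, since the old test values show the type name was being appended in clear to the digest.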
