Changeset 25566 in project


Timestamp:
11/24/11 17:59:45 (9 years ago)
Author:
Alaric Snell-Pym
Message:

ugarit: Fixed non-keyed-hash algorithm, and wrote lots of security stuff in the README.

Location:
release/4/ugarit/trunk
Files:
3 edited

  • release/4/ugarit/trunk/README.txt

    r25565 r25566  
    356356of block, and the salt string, producing hashes that attackers who can
    357357snoop the archive cannot use to find known blocks (see the "Security
    358 model" section below for more details). Whichever hash function you
    359 use, you will need to install the required Chicken egg with one of the
    360 following commands:
     358model" section below for more details).
     359
     360I would recommend that you create a salt string from a secure entropy
     361source, such as:
     362
     363   dd if=/dev/random bs=1 count=64 | base64 -w 0
     364
     365Whichever hash function you use, you will need to install the required
     366Chicken egg with one of the following commands:
    361367
    362368    chicken-install -s tiger-hash  # for tiger
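Review bot: the `base64 -w 0` in the suggested command at new line 363 is a GNU coreutils option, so the line as written will not work on systems whose base64 lacks `-w`; the README should say so or offer an alternative. It would also help to state that the output is what goes into the config as the salt string, since the same command appears again further down for the encryption passphrase and readers may not realise these are meant to be two separate values.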
     
    400406
    401407      (encryption aes ([16|24|32] "We three kings of Orient are, one in a taxi one in a car, one on a scooter honking his hooter and smoking a fat cigar. Oh, star of wonder, star of light; star with royal dynamite"))
     408
     409I would recommend that you generate a long passphrase from a secure
     410entropy source, such as:
     411
     412   dd if=/dev/random bs=1 count=64 | base64 -w 0
    402413
    403414Finally, the extra-paranoid can request that Ugarit prompt for a
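Review bot: new lines 409-412 repeat the exact command recommended for the hash salt without saying that the passphrase must come from a separate run; please state that the salt and the encryption passphrase should be different values. The text also calls the output a "long passphrase" while the syntax just above takes a key length of 16, 24 or 32, so one sentence on how the passphrase relates to that length would save readers guessing.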
     
    432443
    433444      (storage "ssh ugarit@spiderman 'backend-fs splitlog /mnt/ugarit-data /mnt/ugarit-metadata/metadata 900000000'")
    434       (hash tiger "Giung0ahKahsh9ahphu5EiGhAhth4eeyDahs2aiWAlohr6raYeequ8uiUr3Oojoh")
    435       (encryption aes (32 "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"))
     445      (hash tiger "i3HO7JeLCSa6Wa55uqTRqp4jppUYbXoxme7YpcHPnuoA+11ez9iOIA6B6eBIhZ0MbdLvvFZZWnRgJAzY8K2JBQ")
     446      (encryption aes (32 "FN9m34J4bbD3vhPqh6+4BjjXDSPYpuyskJX73T1t60PP0rPdC3AxlrjVn4YDyaFSbx5WRAn4JBr7SBn2PLyxJw"))
    436447      (compression lzma)
    437448      (file-cache "/var/ugarit/cache")
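Review bot: new lines 445-446 put realistic-looking random values into the sample configuration, which invites readers to copy them verbatim into a live config. A placeholder such as "SALT" (the form the new TODO entry already uses) or a comment telling the reader to generate their own values would be safer.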
     
    444455Print a copy out and lock it in your fire safe! Ok, currently, you
    445456might be able to recreate it if you remember where you put the
    446 storage, but encryption keys are harder to remember.
     457storage, but encryption keys and hash salts are harder to remember...
    447458
    448459## Your first backup
     
    964975## Core
    965976
     977* Add the option to support full HMAC for salted hashing; make this
     978  the recommended setting, with syntax `(hash tiger hmac "SALT")`, and
     979  require `(hash tiger simple "SALT")` to explicitly request legacy
     980  mode. Note this in the upgrade notes for existing users.
     981
     982* Add the option to append HMACed signatures to the post-encryption
     983  blocks in the archive, to protect against people who tamper with
     984  blocks in order to try and exploit vulnerabilities in the
     985  decompression or decryption code (and to more quickly detect
     986  tampering in the pipeline, to reduce the DoS effect of all that
     987  wasted decryption and decompression, potentially including things
     988  that decrypt to giant amounts of RAM).
     989
     990* When extracting, wrap each restore operation under
     991  extract-directory! with exception handling that logs the error and
     992  then continues with the next dirent in the directory.
     993
     994* Check sensibly-worded conditions are raised when we try and fetch
     995  nonexistant or corrupted blocks from the archive in `archive-get`.
     996
    966997* Make `fold-archive-node`'s listing of tags at the top level report
    967998  the lock status of the tags.
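Review bot: "nonexistant" at new line 995 should be "nonexistent". On the HMAC signature item at new lines 982-988, it is worth recording in the TODO that the signature has to be checked before any decryption or decompression runs, and which key it is computed with, since the stated goal is to keep tampered blocks away from that code.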
     
    10911122  symbols `.` and `..` being usable as meta-characters to do nothing
    10921123  or to go up a level. Write a utility procedure to parse a string
    1093   into such a form.
     1124  into such a form. Make it recognise and follow symlinks.
     1125
     1126* When symlinks are traversed by the path resolver and by the explore
     1127  CLI, make `<tag>/current` be a symlink to the timestamp of the
     1128  current snapshot rather than a clone of it, for neatness.
    10941129
    10951130## Front-end
     
    10991134  passed since last time), or verbose (report every file), or very
    11001135  verbose (report every file and block).
     1136
     1137* Make the explore CLI let you cd into symlinks
    11011138
    11021139* Add a command to force removing a tag lock.
     
    11621199  backend binary that takes a path to a log file and a backend command
    11631200  line to wrap.
     1201
     1202* Invoke the archive unit tests with every compression and encryption
     1203  option, and different hashing algorithms with and without keys
    11641204
    11651205# Acknowledgements
     
    12551295  'end'. BUGFIX: Fixed tag locking, which was broken all over the
    12561296  place. Concurrent snapshots to the same tag should now block for one
    1257   another, although why you'd want to *do* that is questionable.
     1297  another, although why you'd want to *do* that is
     1298  questionable. BUGFIX: Fixed generation of non-keyed hashes, which
     1299  was incorrectly appending the type to the hash without an outer
     1300  hash. This breaks backwards compatability, but nobody was using the
     1301  old algorithm, right? I'll introduce it as an option if required.
    12581302
    12591303* 1.0.1: Consistency check on read blocks by default. Removed warning
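Review bot: the changelog entry at new lines 1298-1301 says the fix breaks backwards compatibility but not for whom; say explicitly that archives written with a non-keyed hash setting are the ones affected, which is what the change to `make-basic-hash` in ugarit-core.scm implies, since `make-keyed-hash` is untouched. Also "compatability" should be "compatibility".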
  • release/4/ugarit/trunk/test/run.scm

    r25565 r25566  
    164164               (test-define-values "Close key-stream writer" (ks-hash ks-reused?) ((key-stream-writer-finish! ksw)))
    165165               (test-assert "Key stream did not already exist" (not ks-reused?))
    166                (test "Correct hash"  "3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3test-ks" ks-hash)
     166               (test "Correct hash"  "947020be151022522aec2a98293963156059a7553655fe5a" ks-hash)
    167167               (test "Key stream reads back OK" '() (fold-key-stream a ks-hash 'test-ks cons '()))
    168168
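Review bot: the new expected value at line 166 is an opaque literal, where the old one at least showed its structure (a digest followed by the type name "test-ks"). Add a comment saying how it was obtained, or compute the expectation in the test from the inner digest plus the type name, so that a future change to the algorithm fails for a reason the reader can follow.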
     
    256256               (test-define-values "Close sexpr-stream writer" (ss-hash ss-reused?) ((sexpr-stream-writer-finish! ssw)))
    257257               (test-assert "Sexpr stream did not already exist" (not ss-reused?))
    258                (test "Correct hash"  "3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3t" ss-hash)
     258               (test "Correct hash"  "ffe0058890b682d7b3da062284635df245d7e209d8a23dee" ss-hash)
    259259               (test "Sexpr stream reads back OK" '() (fold-sexpr-stream a ss-hash 't 'ti cons '()))
    260260
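Review bot: line 258, like line 166 above, only updates the expectation for the non-keyed path, and neither hunk adds a known-answer check for `make-keyed-hash`. The README TODO added in this changeset asks for tests of hashing "with and without keys", so a keyed case next to this one would close that gap.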
  • release/4/ugarit/trunk/ugarit-core.scm

    r25565 r25566  
    8888(no-autoload lzma (compress lzma:compress) (decompress lzma:decompress))
    8989(no-autoload z3 z3:encode-buffer z3:decode-buffer)
    90 (autoload tiger-hash tiger192-digest tiger192-binary-digest)
    9190(no-autoload sha2 sha256-digest sha384-digest sha512-digest sha512-binary-digest)
    9291(no-autoload aes make-aes128-encryptor make-aes128-decryptor make-aes192-encryptor make-aes192-decryptor make-aes256-encryptor make-aes256-decryptor)
     
    105104(use posix)
    106105(use posix-extras)
     106(use tiger-hash)
    107107(use crypto-tools)
    108108(use stty)
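Review bot: replacing the `autoload` of tiger-hash (old line 90) with an unconditional `(use tiger-hash)` at new line 106 makes the egg a load-time requirement even for configurations that select sha2, while the README text in this same changeset still says to install the egg for whichever hash function you use. Either keep the lazy load or update the README, and mention the change in the commit message, which currently covers only the hash fix and the README.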
     
    188188
    189189(define (choose-hash-function config)
    190   (let ((make-basic-hash (lambda (hash) (lambda (block type) (string-append (hash block) (symbol->string type)))))
     190  (let ((make-basic-hash (lambda (hash) (lambda (block type) (hash (string-append (hash block) (symbol->string type))))))
    191191        (make-keyed-hash (lambda (hash key) (lambda (block type) (hash (string-append key (hash block) (symbol->string type)))))))
    192192    (match config
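Review bot: line 190 needs a comment explaining why the outer hash is applied and that it changes every key generated for non-keyed archives. `make-keyed-hash` at line 191 still builds its input as the key, then the block digest, then the type name, with the key as a plain prefix; the README TODO for `(hash tiger hmac "SALT")` covers that, so a comment here pointing at it would help the next reader.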