help-gnunet
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnunet] Using GNUnet as distributed storage for encryption key

From: Christian Grothoff
Subject: Re: [Help-gnunet] Using GNUnet as distributed storage for encryption keys
Date: Tue, 13 Aug 2013 12:51:55 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12 
On 08/13/2013 12:40 PM, address@hidden wrote:



Hello,

sorry for silly questions, but I would like to know:

1. Is there a way to store file remotely for a long period (years), even if it 
will be downloaded very rarely and only by single peer?
It's a P2P system, so while the file may be stored for that long, there is no guarantee that the other peers will actually keep it. 


2. Is there a way don't store published file locally, even encrypted?
I guess you could configure the datastore to use the "heap" implementation (which stores data in memory only and is typically only used for testing) and then publish the file locally. Then it won't be stored on your disk at all, and if you set the right options it'll be pushed to other peers. Naturally, you can get the same effect by using a RAM disk for the volume of your "normal" database (sqlite/postgres/mysql). 


Let me explain the task from what these questions have arisen. I'm interested in 
encryption of local storage for long-living content. But existing tools (like TrueCrypt) 
store encryption keys somewhere locally (in the case of TrueCrypt - in the header of 
encrypted partition), where an adversary can easily obtain them. Hashing the keys with 
user-typed password doesn't provide sufficient security, because any password of 
reasonable complexity can easily be fitted by "brutal force" method.

My idea consists in storing encryption key remotely - in such a way, that 
nobody knows actually where it is. Rightful owner of the key can type password, 
that will be hashed with his login and peer id, then this hash can be used as 
id of the file with encryption key. It's useless for an adversary trying to fit 
the password, because of delay from network request to download.

For instance, originally generated AES-256 encryption password can be written 
on RAM disk in the file AES256.key. Then it can be published by something like 
this:

# gnunet-publish -D -n -V ramdisk/AES256.key

We read URI of the keyfile from the output of gnunet-publish, then extract from it all 
data, that identify the keyfile. Then we prompt user for password and make hash from peer 
id + user login + password. Then we make bitwise xor of the hash with the keyfile id and 
store the result locally as "hashed keyfile id". From now onwards, when 
AES256.key becomes unnecessary, it should be wiped from RAM disk.

When authentic user asks to start services using encrypted local content, he will be 
prompted for password. Peer id + user login + password will be hashed, then bitwise xor 
of the hash with "hashed keyfile id" will be made. From the result URI of the 
keyfile will be reconstructed. Then the keyfile should be downloaded by something like 
this:

# gnunet-download -o ramdisk/AES256.key URI

If the download is successful, the key from the file AES256.key can be used to 
decrypt/encrypt content of the corresponding local storage.

But:
A. It would be surprise, if after half year of inactivity user could not retrieve 
AES256.key, because it's "expired".
B. It would be not very good, if an adversary could find encrypted local copy of 
AES256.key and fit password to it by "brutal force" method.

So, afore-mentioned two questions have arisen.
I don't think this application makes much sense, as to retrieve the key from GNUnet you'll need a strong password to have good security for your key, and then you could just use that strong password to generate your AES256 key in the first place, without adding the unreliability of a P2P network. If your password is, as you write, too weak, then the indirection via GNUnet fails to provide fundamentally better security, as someone may brute-force the password to obtain the key in the same way.
Depending on your adversary, you may want to look into multi-factor authentication methods (i.e. key on a USB stick secured with a password, so that the adversary needs to have the physical stick AND the password AND the computer --- and then keep the stick in your wallet). Certain smartcards might afford even better protections.
But ultimately, GNUnet is not a key management solution, so my advice is to not use it for that. 


Happy hacking!

Christian
reply via email to
[Prev in Thread] Current Thread [Next in Thread]