Erik Grinaker wrote:
> Sorry for leaving you hanging like this, but I've been very busy with
> other stuff lately. But I'm starting to get some free time now, and I
> expect to pick up Revelation development again in a couple of weeks.
> I'm initially positive to using LUKS for encryption, and really
> appreciate the work you've done. A few thoughts:
> Using LUKS would make it difficult to identify a Revelation file, as any
> LUKS-file has the same header format. We would have to rely on an
> arbitrary filename extension, which seems suboptimal. But I'm
> considering changing Revelation to just work against a hidden password
> database in the user's home-directory and remove most of the file-related
> UI and functionality, which should make this mostly a non-issue.

The LUKS header does include a UUID to make each file/partition whatever
unique.  We might be able to do something with that...  In any case, if
you provide a password, we can open up the LUKS data part and check that
the first few bytes are <?xml ...> or whatever.  We just won't be able
to check before a password is inputted.

> LUKS seems to have a lot of possibilities, but I'm not sure if it makes
> sense to implement them all in Revelation. For example, I see no point
> in having a preference for changing the encryption algorithm - we should
> pick one that is secure enough and use it, and if it's broken we should
> change it in a future version. In this case LUKS does give us
> backwards-compatibility for free, though. LUKS also has lots of fun
> stuff like multiple keys and key revocation, but fully supporting it
> would mean adding complexity both in the user-interface and the code. So
> we would probably need to pick a basic subset of functionality to
> support.

Yeah, the latest patch on my server implements support for adding and
deleting a key, but just includes defaults for encryption settings and
the like.  The only non-obvious entry is the number of iterations to use
for the key, which I am currently prompting for on the change key
dialog.  I guess we could just choose a default of say 4000 or so (which
is what the textbox currently defaults to).
(I recently made some changes to the class, so you should
redownload it...)

> It does seem very cool though, and I'll play around with it in a few
> weeks when I can focus on Revelation again. In any case I will add your
> file handler to allow for importing and exporting of LUKS data files,
> but I'll have to take a closer look before deciding to use it by
> default.

Yeah, I have currently switched over to using Revelation with my patch
and the LUKS format for all my passwords and Revelation use.  I have
even added a second key using the GUI.  If you don't switch over, I
would like a preference or command option or something to use the LUKS
format as the default.
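
The identification question discussed in this message, as an added example that is not part of the original post or of the Revelation patch: it reads what a LUKS file exposes before any password is entered (magic, UUID, active key slots and their iteration counts) and shows the `<?xml` check that only works after unlocking. It assumes the LUKS1 on-disk header layout; the sample header, its UUID and offsets are constructed values, and all function names are hypothetical.

```python
import struct

# LUKS1 on-disk header layout (big-endian), assumed per the LUKS1 format spec.
LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")                    # 48 bytes each, 8 slots
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
SAMPLE_UUID = "00000000-0000-4000-8000-000000000001"  # constructed value


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_header(data):
    """Return the unencrypted header fields, or None if this is not LUKS1."""
    if len(data) < PHDR.size + 8 * SLOT.size or not data.startswith(LUKS_MAGIC):
        return None
    (_magic, version, cipher, mode, hash_spec, payload_sector, key_bytes,
     _mk_digest, _mk_salt, _mk_iter, raw_uuid) = PHDR.unpack_from(data)
    if version != 1:
        return None
    active = []
    for i in range(8):
        state, iterations, _salt, _offset, _stripes = SLOT.unpack_from(
            data, PHDR.size + i * SLOT.size)
        if state == SLOT_ACTIVE:
            active.append((i, iterations))
    return {"cipher": _text(cipher), "mode": _text(mode),
            "hash": _text(hash_spec), "uuid": _text(raw_uuid),
            "key_bytes": key_bytes, "payload_sector": payload_sector,
            "active_slots": active}


def looks_like_xml(plaintext):
    """Content check that is only possible once the payload is decrypted."""
    return plaintext.lstrip().startswith(b"<?xml")


def build_sample_header():
    """Constructed header: two active key slots at 4000 iterations each."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                    1032, 32, bytes(20), bytes(32), 10, SAMPLE_UUID.encode())
    for i in range(8):
        state = SLOT_ACTIVE if i < 2 else SLOT_DISABLED
        hdr += SLOT.pack(state, 4000 if i < 2 else 0, bytes(32), 8 + i * 136, 4000)
    return hdr
```

Everything `parse_luks1_header` returns is stored in the clear, so the cipher settings, the UUID and the per-slot iteration counts are visible to anyone who can read the file.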

