Erik Grinaker wrote:
> Sorry for leaving you hanging like this, but I've been very busy with
> other stuff lately. But I'm starting to get some free time now, and I
> expect to pick up Revelation development again in a couple of weeks.
>
> I'm initially positive to using LUKS for encryption, and really
> appreciate the work you've done. A few thoughts:
>
> Using LUKS would make it difficult to identify a Revelation file, as any
> LUKS-file has the same header format. We would have to rely on an
> arbitrary filename extension, which seems suboptimal. But I'm
> considering changing Revelation to just work against a hidden password
> database in the user's home directory and remove most of the file-related
> UI and functionality, which should make this mostly a non-issue.

The LUKS header does include a UUID to make each file/partition whatever unique. We might be able to do something with that... In any case, if you provide a password, we can open up the LUKS data part and check that the first few bytes are <?xml ...> or whatever. We just won't be able to check before a password is input.

>
> LUKS seems to have a lot of possibilities, but I'm not sure if it makes
> sense to implement them all in Revelation. For example, I see no point
> in having a preference for changing the encryption algorithm - we should
> pick one that is secure enough and use it, and if it's broken we should
> change it in a future version. In this case LUKS does give us
> backwards-compatibility for free, though. LUKS also has lots of fun
> stuff like multiple keys and key revocation, but fully supporting it
> would mean adding complexity both in the user-interface and the code. So
> we would probably need to pick a basic subset of functionality to
> support.

Yeah, the latest patch on my server implements support for adding and deleting a key, but just includes defaults for encryption settings and the like. The only non-obvious entry is the number of iterations to use for the key, which I am currently prompting for on the change key dialog. I guess we could just choose a default of say 4000 or so (which is what the textbox currently defaults to).

http://www.cs.wisc.edu/~lenz/luks

(I recently made some changes to the luks.py class, so you should redownload it...)

>
> It does seem very cool though, and I'll play around with it in a few
> weeks when I can focus on Revelation again. In any case I will add your
> file handler to allow for importing and exporting of LUKS data files,
> but I'll have to take a closer look before deciding to use it by
> default.
>

Yeah, I have currently switched over to using Revelation with my patch and the LUKS format for all my passwords and Revelation use. I have even added a second key using the GUI.
If you don't switch over, I would like a preference or command option or something to use the LUKS format as the default.

John
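
Added example, not part of the message above and not code from luks.py: what can be read from a LUKS file before any password is entered, assuming the LUKS version 1 on-disk header layout. It shows the magic, the UUID and the per-slot iteration counts discussed in the thread; the function names and the sample header are constructed for illustration.

```python
import struct
import uuid

# LUKS1 on-disk header (phdr), big-endian: 208 fixed bytes + 8 key slots.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")          # active, iterations, salt, offset, stripes
MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED = 0x00AC71F3
SLOT_DISABLED = 0x0000DEAD

def _text(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(data):
    """Return the cleartext header fields, or None if data is not LUKS1."""
    if len(data) < PHDR.size + 8 * SLOT.size or data[:6] != MAGIC:
        return None
    (_, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _mk_iter, uuid_raw) = PHDR.unpack_from(data, 0)
    if version != 1:
        return None
    slots = []
    for i in range(8):
        active, iters, _s, _off, _stripes = SLOT.unpack_from(
            data, PHDR.size + i * SLOT.size)
        if active == SLOT_ENABLED:
            slots.append((i, iters))      # slot number, PBKDF2 iterations
    return {"uuid": _text(uuid_raw), "hash": _text(hash_spec),
            "cipher": f"{_text(cipher)}-{_text(mode)}", "key_bytes": key_bytes,
            "payload_sector": payload_off, "active_slots": slots}

def build_sample_header():
    """Constructed sample: two active slots, zeroed salts and digest."""
    pad = lambda s, n: s.encode().ljust(n, b"\0")
    hdr = PHDR.pack(MAGIC, 1, pad("aes", 32), pad("cbc-essiv:sha256", 32),
                    pad("sha1", 32), 2056, 32, bytes(20), bytes(32), 10,
                    pad(str(uuid.UUID(int=0x1234)), 40))
    for i in range(8):
        on = i < 2
        hdr += SLOT.pack(SLOT_ENABLED if on else SLOT_DISABLED,
                         4000 if on else 0, bytes(32), 8 + i * 256, 4000)
    return hdr

if __name__ == "__main__":
    info = parse_luks1_header(build_sample_header())
    print(info["uuid"], info["cipher"], info["active_slots"])
    # A plain XML file is rejected without needing any key.
    print(parse_luks1_header(b"<?xml version='1.0'?>".ljust(592, b" ")))
```

Nothing in these fields says which application wrote the payload, so a Revelation-specific check still has to wait until a key slot has been unlocked and the first decrypted bytes can be inspected.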