Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Hi, Pierre Jaury pie...@jaury.eu writes: This software is still an early research project: as far as I know, only basic formal security analysis has been performed. Ok, just make sure that the users know about this. They will. Additionally, I plan on preparing the project for definitive packaging once some crucial bugs I already reported are fixed upstream. By the way, a detailed cryptographic analysis is currently being performed for vodstok protocol. The only spotted weakness is the single AES key being used for many related chunks, even if those are uploaded to various locations and named pseudo-randomly. Yet, an additional feature is being designed that will allow multiple keys to be used (ultimately, one key per chunk). vodstok could also use AES CBC (or any chained mode) as well as ECB for small files, ie. when downloading the whole file before decrypting remains an option. Yet, for your specific concern about usual AES vulnerability when using independently encrypted blocks, the project aims at providing temporary private storage but does not pretend to provide secure operations. Ok, next question is then: how does vodstok detects tampering done by hostile peers? There is no reason for vodstok to detect tampering, as long as design choices ensure that the system is reliable enough for temporary storage of non-critical files. First, repositories have a maximum amount of disk space to allocate. Once it is full, a repository will automatically delete old chunks to free enough disk space for the new uploaded files to be stored. Because uploaded chunks have a limited lifetime, there is a significant risk that a file lacks some chunks before it is successfully downloaded by clients. To avoid such a phenomenon, repositories publish statistics about the average lifetime of chunks; client software use these statistics to distribute the chunks so that small repositories are not overloaded. In case of an attacker flooding a repository with dummy chunks to quickly delete the useful ones, two mechanisms will mitigate the attempt. Timers are set so that a repository is not simply being flooded by some dumb client. Plus, the deletion mechanism relies on a most-recently-used list (and soon a most-frequently-used list) to ensure that chunks belonging to popular files are not deleted. Two separate binary packages might make sense in that case yes but they'll of course be part of the same source package I assume? Yes. Regards, Pierre. signature.asc Description: This is a digitally signed message part
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Hi again, I must clarify my very own point. vodstok could also use AES CBC (or any chained mode) as well as ECB for small files, ie. when downloading the whole file before decrypting remains an option. vodstok is actually using CBC, but for small independent chunks, which means it has more or less the same vulnerabilities as ECB. I was actually mentioning the possibility to encrypt the whole file using CBC before splitting it. Of course, because chunks are downloaded in random order, this is fine only for small files (the whole thing has to be downloaded before decryption). Regards. signature.asc Description: This is a digitally signed message part
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Hi, On 2012-05-15 21:33, Pierre Jaury wrote: This is an opensource, free and viral project Viral? I hope this is just a translation artefact; can you explain exactly what you mean by it? Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Jonathan Wiltshire j...@debian.org (16/05/2012): Viral? I hope this is just a translation artefact; can you explain exactly what you mean by it? Quite a shock for a project advertised as licensed under the BSD! (INSTALL.txt says GPLv2 though.) Mraw, KiBi. signature.asc Description: Digital signature
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Le mercredi 16 mai 2012 09:22:46, Jonathan Wiltshire a écrit : Hi, On 2012-05-15 21:33, Pierre Jaury wrote: This is an opensource, free and viral project Viral? I hope this is just a translation artefact; can you explain exactly what you mean by it? From the website linked in the ITP: 4. Why is this project viral ? Once your Vodstok server functional, please drop the last version of Vodstok in the root directory of this web application. A webpage will be displayed when browsing the index page, and the kit would be available from this page. This is the viral part. Not exactly the definition of viral I have. Thanks, signature.asc Description: This is a digitally signed message part.
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
On 12-05-16 at 11:36am, Thomas Preud'homme wrote: Le mercredi 16 mai 2012 09:22:46, Jonathan Wiltshire a écrit : Hi, On 2012-05-15 21:33, Pierre Jaury wrote: This is an opensource, free and viral project Viral? I hope this is just a translation artefact; can you explain exactly what you mean by it? From the website linked in the ITP: 4. Why is this project viral ? Once your Vodstok server functional, please drop the last version of Vodstok in the root directory of this web application. A webpage will be displayed when browsing the index page, and the kit would be available from this page. This is the viral part. Not exactly the definition of viral I have. It feels obvious to me that it refers to viral marketing: http://en.wikipedia.org/wiki/Viral_marketing - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: Digital signature
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Hi, Not exactly the definition of viral I have. It feels obvious to me that it refers to viral marketing: http://en.wikipedia.org/wiki/Viral_marketing Exactly, ``viral'' sounds like a lame reference to viral marketting. I must agree displayed text and documentation need a complete review from the language point of view. Pierre. signature.asc Description: This is a digitally signed message part
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Hi, On Wed, 2012-05-16 at 11:02 +0200, Cyril Brulebois wrote: Jonathan Wiltshire j...@debian.org (16/05/2012): Viral? I hope this is just a translation artefact; can you explain exactly what you mean by it? Quite a shock for a project advertised as licensed under the BSD! (INSTALL.txt says GPLv2 though.) Mraw, KiBi. As explained already, this is a translation artifact. Should be understood as ``intended to be self-distributable'' as long as the web ui embeds the source package for download. About the license, my bad: it is licensed under *GPLv2*, I must have been distracted when first writing the ITP ticket. regards, Pierre signature.asc Description: This is a digitally signed message part
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
On 2012-05-16 13:19, Pierre Jaury wrote: On Wed, 2012-05-16 at 11:02 +0200, Cyril Brulebois wrote: Jonathan Wiltshire j...@debian.org (16/05/2012): Viral? I hope this is just a translation artefact; can you explain exactly what you mean by it? Quite a shock for a project advertised as licensed under the BSD! (INSTALL.txt says GPLv2 though.) As explained already, this is a translation artifact. Should be understood as ``intended to be self-distributable'' as long as the web ui embeds the source package for download. Thank you for the clarification. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Package: wnpp Severity: wishlist Owner: Pierre Jaury pie...@jaury.eu * Package name: vodstok Version : 1.2.3 Upstream Author : Damien Cauquil virtual...@gmail.com * URL : http://virtualabs.fr/vodstok/ * License : BSD Programming Lang: PHP Description : Voluntary Distributed Storage Kit Volonturay distributed file sharing This is an opensource, free and viral project that aims at providing collaborative distributed storage to users who want to store and share files temporarily over the Internet. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Pierre Jaury pie...@jaury.eu writes: Volonturay distributed file sharing This is an opensource, free and viral project that aims at providing collaborative distributed storage to users who want to store and share files temporarily over the Internet. Has somebody evaluated the security of this system? It seems it is using AES in CBC mode for 32*1024 - 16 byte chunks. Are the chunks encrypted independently? If yes, doesn't this mean that it has the same weaknesses as ECB mode? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
On Wed, 2012-05-16 at 00:37 +0300, Timo Juhani Lindfors wrote: Pierre Jaury pie...@jaury.eu writes: Volonturay distributed file sharing This is an opensource, free and viral project that aims at providing collaborative distributed storage to users who want to store and share files temporarily over the Internet. Has somebody evaluated the security of this system? It seems it is using AES in CBC mode for 32*1024 - 16 byte chunks. Are the chunks encrypted independently? If yes, doesn't this mean that it has the same weaknesses as ECB mode? This software is still an early research project: as far as I know, only basic formal security analysis has been performed. Yet, for your specific concern about usual AES vulnerability when using independently encrypted blocks, the project aims at providing temporary private storage but does not pretend to provide secure operations. Besides, there is no apparent relation between separately encrypted chunks held by multiple (dozens) of repositories in normal use case, which avoids basic risks of crypt-analysis. Finally, as an anticipation to further concerns (I used to have when first intending to package vodstok): yes, there may - will for sure, for security hardening purpose or anything else - be protocol changes. But most of the protocol is handled in the client part; plus, as long as provided storage is intended to be temporary (with automatic deprecation and deletion of old data), it does not sound like fatal for packaging. By the way, I am quite new at Debian packaging and still asking plenty of (dumb) questions. Should I package client-only as vodstok (which is in fact mostly written in Python) and PHP repository separately as vodstok-server or anything? Thanks, Pierre. signature.asc Description: This is a digitally signed message part
Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit
Hi, Pierre Jaury pie...@jaury.eu writes: This software is still an early research project: as far as I know, only basic formal security analysis has been performed. Ok, just make sure that the users know about this. Yet, for your specific concern about usual AES vulnerability when using independently encrypted blocks, the project aims at providing temporary private storage but does not pretend to provide secure operations. Ok, next question is then: how does vodstok detects tampering done by hostile peers? By the way, I am quite new at Debian packaging and still asking plenty of (dumb) questions. Should I package client-only as vodstok (which is in fact mostly written in Python) and PHP repository separately as vodstok-server or anything? Two separate binary packages might make sense in that case yes but they'll of course be part of the same source package I assume? -Timo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org