Bug#451355: ITP: libgfshare -- library and utilities for multi-way secret sharing
On Fri, Nov 16, 2007 at 10:31:06AM +, Simon McVittie wrote: I already packaged this in Ubuntu. Feel free to adopt it for Debian. Having looked at the Ubuntu packaging, I'm somewhat concerned about it - it seems you don't have the changes I made in upstream bzr to make gfsplit cryptographically safe. No, I wasn't aware of such changes. The patch to gfcombine to support - as meaning standard output looks reasonable, but I'm not sure what it's doing in Ubuntu but not upstream... perhaps we could get that in 1.0.3. The patch is: The patch should definitely have been sent upstream. My apologies. I wrote it while on a train, and when I got near internet access again, I had forgotten all about it. I suck. although I'd be inclined to change it to just use stdout instead of fdopening STDOUT_FILENO, Makes sense. I can't remember why I did it that way, tbh. and make the indentation consistent (the rest of the package consistently uses 2 spaces, the else clause in the patch has a tab). Good catch. -- Soren Hansen Ubuntu Server Team http://www.ubuntu.com/ signature.asc Description: Digital signature
Bug#451355: ITP: libgfshare -- library and utilities for multi-way secret sharing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(Cc'ing the author)
On Thu, 15 Nov 2007 at 11:29:18 +0100, Soren Hansen wrote:
I already packaged this in Ubuntu. Feel free to adopt it for Debian.
Having looked at the Ubuntu packaging, I'm somewhat concerned about it -
it seems you don't have the changes I made in upstream bzr to make
gfsplit cryptographically safe. In 1.0.2 it uses pseudo-random numbers from
rand() to do the splitting - I haven't proved whether any connection between
the random coefficients breaks the useful cryptographic properties of the
Shamir method, but I suspect it does, and my analysis of it
(doc/theory.tex in bzr) assumes that the random numbers used are uniform
and independent.
In upstream bzr I patched gfsplit to use /dev/urandom if it exists, and warn
if it doesn't; this is why I'm packaging a bzr snapshot rather than a
release. I've asked Daniel to make a 1.0.3 release, but presumably he's
been too busy recently.
The patch to gfcombine to support - as meaning standard output looks
reasonable, but I'm not sure what it's doing in Ubuntu but not
upstream... perhaps we could get that in 1.0.3. The patch is:
- --- libgfshare-1.0.2.orig/tools/gfcombine.c
+++ libgfshare-1.0.2/tools/gfcombine.c
@@ -88,9 +88,13 @@
gfshare_ctx *G;
unsigned int len1;
- - outfile = fopen( outputfilename, wb );
+ if (strcmp(outputfilename, -) == 0)
+outfile = fdopen(STDOUT_FILENO, w);
+ else
+ outfile = fopen( outputfilename, wb );
+
if( outfile == NULL ) {
- -perror(outputfilename);
+perror((strcmp(outputfilename, -) == 0) ? standard out :
outputfilename);
return 1;
}
for( i = 0; i filecount; ++i ) {
although I'd be inclined to change it to just use stdout instead of fdopening
STDOUT_FILENO, and make the indentation consistent (the rest of the package
consistently uses 2 spaces, the else clause in the patch has a tab).
Regards,
Simon
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: OpenPGP key: http://www.pseudorandom.co.uk/2003/contact/ or pgp.net
iD8DBQFHPXFqWSc8zVUw7HYRAo3bAJ9LIJ+S7GUYs7feTpUgsJoI/ycVxQCeJ9oc
TguC+Rxp4KLY5Hn4ShgZCEE=
=Iqj7
-END PGP SIGNATURE-
Bug#451355: ITP: libgfshare -- library and utilities for multi-way secret sharing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: wnpp Severity: wishlist Owner: Simon McVittie [EMAIL PROTECTED] * Package name: libgfshare Version : 1.0.2+bzr20070822 Upstream Author : Daniel Silverstone [EMAIL PROTECTED] * URL : http://www.digital-scurf.org/software/libgfshare * License : MIT Programming Lang: C Description : library and utilities for multi-way secret sharing This library implements Shamir's method for secret sharing, which can be used to split a secret (like a GPG secret key) into multiple parts, so that at least some number of those parts are needed to recover the original file, but any smaller combination of parts is useless to an attacker. . For instance, you might split a GPG key using a 3-of-5 share and put one share on each of three computers, and two shares on a USB memory stick; then you can use the GPG key on any of those three computers using the memory stick, but if the memory stick is lost, you can recover the key by bringing the three computers together. As well as a set of library packages, I intend to package the gfsplit and gfcombine command-line utilities as a binary package gfshare-utils. I'm in contact with the upstream author, and have asked him to release current bzr as 1.0.3, but until then I'm going to package what's in bzr. If anyone's interested: I have vague plans to write a FUSE filesystem that works like a cross between gfcombine and unionfs, and the upstream author has told me that Søren Hansen http://warma.dk/blog/ has similar plans. Packaging in progress: http://bzr.debian.org/~smcv-guest/bzr/libgfshare -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: OpenPGP key: http://www.pseudorandom.co.uk/2003/contact/ or pgp.net iD8DBQFHPBlFWSc8zVUw7HYRAn3OAKDi2iX/nIW7bRmgkci/J2qVP7w49ACgslX7 iYrFI4psVNiHb81bVGjBbIY= =QFEv -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#451355: ITP: libgfshare -- library and utilities for multi-way secret sharing
On Thu, Nov 15, 2007 at 10:02:46AM +, Simon McVittie wrote: If anyone's interested: I have vague plans to write a FUSE filesystem that works like a cross between gfcombine and unionfs, and the upstream author has told me that Søren Hansen http://warma.dk/blog/ has similar plans. Right. I'd say I'm 70% done. I want to integrate it with hal, which turned out to be a bit tricky, but I know where I'm headed. The code is a mess right now, but I'll put it in a bzr branch somewhere when I get it cleaned up a bit. -- Soren Hansen Ubuntu Server Team http://www.ubuntu.com/ signature.asc Description: Digital signature
Bug#451355: ITP: libgfshare -- library and utilities for multi-way secret sharing
I already packaged this in Ubuntu. Feel free to adopt it for Debian. -- Soren Hansen Ubuntu Server Team http://www.ubuntu.com/ signature.asc Description: Digital signature
