[Dev] [RFC] backups
ingegnue at riseup.net
Fri Jul 15 00:42:36 GMT 2016
On 07/09/16 09:58, Luke wrote:
> On 07/08/2016 06:21 PM, IngeGNUe wrote:
>>> If it's encrypted, who holds the
>>> decryption keys?
>> Decryption keys are an interesting security problem. One person could
>> know the password and 10 could store the keys somewhere, BUT then you
>> have 11 times (or whatever) the chance that some cracker will find it
>> and brute force the keys. Since they're decryption keys, I don't recall
>> any way you could set a lockout for incorrect attempts.
>> The safest storage for keys is offline.
>> Parabola's non-hierarchical organization conflicts with the assumptions
>> of hierarchical managament most of this infrastructural software
>> assumes. This is a fault of the software design, not Parabola hackers.
>> I'm not sure how to solve this problem, but I thought I'd take a stab.
> I've never tried it, but would like to bring attention to the following
> two program included in Tails, which are designed to create a
> non-hierarchal key arrangement for this exact purpose.
> gfshare: http://www.digital-scurf.org/software/libgfshare
> ssss: http://point-at-infinity.org/ssss/
> To quote the algorithm:*
> Shamir's Secret Sharing* is an algorithm
> <https://en.wikipedia.org/wiki/Algorithm> in cryptography
> <https://en.wikipedia.org/wiki/Cryptography> created by Adi Shamir
> <https://en.wikipedia.org/wiki/Adi_Shamir>. It is a form of secret
> sharing <https://en.wikipedia.org/wiki/Secret_sharing>, where a secret
> is divided into parts, giving each participant its own unique part,
> where some of the parts or all of them are needed in order to
> reconstruct the secret.
> In other words, no one holds the complete key, but as long as "x amount"
> of developers still hold parts of the key, each one can come together to
> unlock the file.
That's awesome. If that works, then everyone with a key could store
their respective private keys offline.
How does it handle when a dev leaves but does not revoke their key? How
do you avoid a situation (from a technical aspect) of not having enough
"x amount" devs, resulting in lost access to the files?
I haven't tried it either.
If you can have that solution working then another thing that would be
nice to have is a distributed backup solution in which multiple specific
people can access the data, without it being accessible by the whole
world. Distributed data storage seems the most ideal to me in terms of
respecting Parabola's horizontal organization.
The challenge is how to grant access.
What do you think of Tahoe-LAFS? https://en.wikipedia.org/wiki/Tahoe-LAFS
IANAL but their licenses seem OK to me.
More information about the Dev