mirror of https://github.com/perkeep/perkeep.git
f9cfd754a2
NaCl offers authenticated encryption, which means that the blobstore can't tamper with the data. Since SHA-1 were checked one could not change a blob outright, but could add new blobs by tampering with the meta blobs, too.

It's true that only signed blobs should cause actions just by being present, but we are already far too deep in the chain of assumptions, just not to spend a bit of CPU adding a MAC. The new scheme is much easier to prove secure.

Also simplified the meta by removing the IV (which is in the encrypted blob anyway) and the encrypted size (which is plaintext size + overhead).

Finally, added tests (including a storagetest) and tried to make this sort of production-ready.

Still to do are meta compaction and a way to regenerate the meta from the blobs, in case of meta corruption (which now we can do securely thanks to NaCl authentication).

golang.org/x/crypto/nacl/secretbox: golang.org/x/crypto/poly1305: golang.org/x/crypto/salsa20/salsa: golang.org/x/crypto/scrypt: golang.org/x/crypto/pbkdf2: 1e61df8d9ea476e2e1504cd9a32b40280c7c6c7e

Change-Id: I095c6204ac093f6292c7943dbb77655d2c51aba6

 | ||
---|---|---|
.. | ||
bazil.org/fuse | ||
cloud.google.com/go | ||
embed | ||
github.com | ||
go4.org | ||
golang.org/x | ||
google.golang.org | ||
honnef.co/go/js/dom | ||
labix.org/v2/mgo | ||
myitcv.io | ||
rsc.io | ||
README |
README
External packages which Camlistore depends on. These are not under Camlistore copyright/license. See the respective projects for their copyright & licensing details. These are mirrored into Camlistore for hermetic build reasons, as well as enabling local patching to work with an ever-changing upstream Go project. (not all projects will follow Go tip as closely)