acmeattic-devel team mailing list archive
Message #00001
Re: Encryption schemes for AcmeAttic
The server software is responsible for maintaining the revisions.

- A request for a certain revision is processed at the server and the
  final file is sent to the client.
- Similarly, the server periodically needs to perform maintenance on the
  stored revisions, so that it can support operations to discard unwanted
  intermediate revisions. (Like what we discussed already. A file that is more
  than a week old need not have daily revisions stored - these can be merged
  into a single revision for the week).

For the server to process these locally, it should be able to decrypt the
content safely. (These operations can definitely be achieved by transferring
enough data to the client but that is too costly for the network).

If the server is trusted, it can decrypt these files at runtime and store
them in-memory. After finishing with the file, the memory is just freed (or
even erased for the paranoid people).

Also, from the Mercurial documentation, I noticed that it performs different
mechanisms on diff and compression for storing and network transmission -
runtime decisions are made based on what is found (or predicted) to be
optimal.

Re-encryption can also be performed at the server without client/network
involvement.

I have some interesting thoughts and questions myself:

- Is it possible to verify or sign the authenticity of the server code?
  (So that the client can trust the server)
- I imagine generating a user's AES key as a hash (SHA256) of his
  password. This could be securely sent to the server per-transaction, and the
  server could handle all its operations and 'forget' the user's AES key.
- Even during the maintenance operations, it could be client initiated. I
  still do not want the administrator to be able to view *any* file by just
  logging in to the server.

Does this sell the point that trusting the server to some extent is not so
bad?

On Sat, Jul 3, 2010 at 10:10 PM, Aditya Manthramurthy <aditya.mmy@xxxxxxxxx> wrote:
> Hi all,
>
> As you all know, there are some proposals for encryption on the wiki at
> http://nkarthiks.info/acmeattic/index.php?title=Encryption
>
> Let's continue discussing here.
>
> I didn't quite follow Karthik's way of looking at it, in a trusting way of
> admins to not patch up the server s/w. I think we can start from there.
>
> --Aditya
--
Karthik
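
Added example, not part of the original message and not AcmeAttic code: the per-transaction key handling the message proposes (AES key = SHA-256 of the password, held only for one transaction and then overwritten), next to a salted PBKDF2 derivation for comparison. The function names, the PBKDF2 comparison, its iteration count and the sample password are assumptions made for this illustration.

```python
import hashlib
import os
from contextlib import contextmanager


def derive_key_sha256(password: str) -> bytes:
    """Scheme from the message: 32-byte AES key = SHA-256(password)."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def derive_key_pbkdf2(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Comparison only (not from the message): salted, iterated PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


@contextmanager
def transaction_key(key: bytes):
    """Hold the key in a mutable buffer for one transaction, then overwrite it.

    Best effort: the caller's immutable bytes object and any copies made by
    other libraries are not wiped by this.
    """
    buf = bytearray(key)
    try:
        yield buf
    finally:
        for i in range(len(buf)):
            buf[i] = 0  # the server 'forgets' the key


def demo() -> dict:
    # Constructed sample data: two users who picked the same password.
    pw = "correct horse battery staple"
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # one random salt per user
    with transaction_key(derive_key_sha256(pw)) as key:
        key_len = len(key)  # decrypt / merge revisions would happen here
        held = key
    return {
        "key_len": key_len,
        "wiped_after_use": held == bytearray(32),
        # Unsalted hash: same password gives the same key for every user.
        "sha256_keys_equal": derive_key_sha256(pw) == derive_key_sha256(pw),
        # Per-user salt: same password gives unrelated keys.
        "salted_keys_equal": derive_key_pbkdf2(pw, salt_a) == derive_key_pbkdf2(pw, salt_b),
    }


if __name__ == "__main__":
    print(demo())
```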