Comments (7)
For points 1 & 2, I think this is a good idea. I'm glad you solved the first point. For the second, we could append the duress key to the end of the text. This opens up the possibility that the end of the text could match the durress key exactly, but because the server is generating a random 22-character string, seems like this would be a remote possibility.
For the third point, by removing compression, you are opening that up. By keeping ZLIB compression in place, all that is known is "the plaintext is bigger", but it's not known by how much, although good estimates would put it at 10x the compressed ciphertext. I prefer keeping ZLIB compression. It's generally considered best practice before encryption, and increases the overall entropy of the system.
from d-note.
The try block for zlib decompression isn't needed. We can take that out, seeing as though all the bits were verified with the hmac. So, if the hmac verifies, decompress the note.
I'm still thinking how to solve the duress key storage.
from d-note.
I've added zlib back.
I'm not clear what you propose for securely preventing the server operator to know of a duress key's existence.
I would propose creating something along the lines of having an inner and outer part to a note.
The inner part would be what we store at the moment
inner = hmac(hmac_key, enc(aes_key,plaintext )) || enc(aes_key,plaintext )
the outer would be the inner concatenated with a duress key, AEAD encrypted with a random key ( generated from the url as we do now )
outer = hmac( outer_hmac_key, enc(outer_aes_key, dkey || inner )) || enc(outer_aes_key, dkey || inner)
which we write to disk.
The outer_hmac_key
and outer_aes_key
are generated from the url ( as we do know ).
The inner keys are generated from the user passphrase ( or from the url if no passphrase is given )
- If we can decrypt inner succesfully (i.e. the hmac tag matches ) then we know to render it.
- If we cannot we ask for a passphrase
- we attempt to decrypt again with the passphrase to generate the inner keys
- If we cannot decrypt it we check that the passphrase given matches the dkey, and we know to return duress text and destroy data.
- otherwise we ask for the passphrase again and repeat.
from d-note.
Why not just create a "duress_key" salt, like we do with the rest of the salts and keys? If a passphrase is given, we can automatically return a duress key on /post (no radio button on index), and we can automatically calculate it as needed, and don't need to store it on disk.
from d-note.
I'm not sure I get that yet. Can you explain in more detail when you get chance ?
from d-note.
Pushed. The duress key is dynamically built from the URL (nonce), if the user supplies a passphrase. It's never stored to disk.
from d-note.
I'd wanted to allow the user to set a duress key that was human memorable, but this certainly resolves the problem as described.
from d-note.
Related Issues (20)
- Add support for copying/pasting in just a hash HOT 2
- iOS bug prevents selecting text with underscores HOT 2
- Add account drop support HOT 1
- Create a more mobile-friendly theme HOT 1
- Add support for changing the browser redirection timeout HOT 1
- New installation does not create dconfig.py HOT 2
- New installation - Internal Server error and no hashcash.db HOT 10
- A too short or too long URL results in 500 error. Should be a 404. HOT 3
- TypeError: Incorrect padding HOT 1
- Apache Config
- Problem installation HOT 3
- Stopped maintenance? HOT 4
- Installation Nginx HOT 1
- Two installation issues HOT 1
- Errors in the INSTALL.md
- d-note running very slowly after renewing certificate and rebooting server HOT 7
- Customizing the html page HOT 2
- Note re-creation vulnerability HOT 12
- Link previews make messages go kaboom. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from d-note.