418d749680
`openssl dgst` and `openssl enc` used previously poorly handle key stretching - in case of `openssl enc` encryption key is derived using single MD5 iteration, without even any salt. This hardly prevent brute force or even rainbow tables attacks. To make things worse, the same key is used for encryption and integrity protection which ease brute force even further. All this is still about brute force attacks, so when using long, high entropy passphrase, it should be still relatively safe. But lets do better. According to discussion in QubesOS/qubes-issues#971, scrypt algorithm is a good choice for key stretching (it isn't the best of all existing, but a good one and widely adopted). At the same time, lets switch away from `openssl` tool, as it is very limited and apparently not designed for production use. Use `scrypt` tool, which is very simple and does exactly what we need - encrypt the data and integrity protect it. Its archive format have own (simple) header with data required by the `scrypt` algorithm, including salt. Internally data is encrypted with AES256-CTR and integrity protected with HMAC-SHA256. For details see: https://github.com/tarsnap/scrypt/blob/master/FORMAT This means change of backup format. Mainly: 1. HMAC is stored in scrypt header, so don't use separate file for it. Instead have data in files with `.enc` extension. 2. For compatibility leave `backup-header` and `backup-header.hmac`. But `backup-header.hmac` is really scrypt-encrypted version of `backup-header`. 3. For each file, prepend its identifier to the passphrase, to authenticate filename itself too. Having this we can guard against reordering archive files within a single backup and across backups. This identifier is built as: backup ID (from backup-header)!filename! For backup-header itself, there is no backup ID (just 'backup-header!'). Fixes QubesOS/qubes-issues#971 |
||
|---|---|---|
| ci | ||
| contrib | ||
| core | ||
| core-modules | ||
| dispvm | ||
| doc | ||
| etc | ||
| linux | ||
| qubes | ||
| qubes-rpc | ||
| qubes-rpc-policy | ||
| qvm-tools | ||
| relaxng | ||
| rpm_spec | ||
| templates | ||
| test-packages | ||
| tests | ||
| .coveragerc | ||
| .gitignore | ||
| .pylintrc | ||
| .travis.yml | ||
| installer.wxs | ||
| LICENSE | ||
| Makefile | ||
| Makefile.builder | ||
| README.md | ||
| run-tests | ||
| setup.cfg | ||
| setup.py | ||
| version | ||
Qubes core, version 3
This is development branch of the Qubes OS core. This branch is subject to rebase without warning until further notice.
API documentation is available: https://qubes-core-admin.readthedocs.org/en/latest/.