Peer Profiles should be protected by password, Configurations encrypted #23
Labels
No Label
applications
BLOCKED
bug
design
duplicate
enhancement
fixed?
funding-needed
help wanted
infrastructure
invalid
payments
qubes
question
ready-for-implementation
refactor
spam
tapir-server
testing
tor
wontfix
No Milestone
3 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: cwtch.im/cwtch#23
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Are you referring to the loading of the profiles to be encrypted/pw protected, forming the peer to peer connections should be password protected, or both?
Profiles, I've updated the title to clarify.
I can work on this. Plan is to implement in the cwtch_peer.go package where the objects are being saved and loaded from files. Let me know if you have other thoughts.
Awesome!
This is ready to go. I can't seem to make branches via the web app here: if thats a privileges thing, or if I'm being an idiot, please let me know. This is my first time collaborating on Git and programming in Go so be gentle :)
The password is created by the user when a new profile is created: it is encrypted, then stored in the Peer object. It is then used to save the profile to disk. It is never stored itself, consequently can never be recovered.
When a user wishes to load a file, the password is requested from the user and encrypted, then this encrypted variable used to decrypt the file and the encrypted password added to the profile in memory.
Known issue here: password is currently stored in memory as an MD5. We may want to change that algorithm to something more secure at a later date.
Changes to three files:
cwtch_peer:
main.go:
app.go:
Awesome! I've updated permissions you should be able to push a branch and submit a pull request now. Let me know if you are still having issues.
So yeah the web interface doesn't support branch managment which is fine.
The usual work flow is you hit the 'fork' button in the web interface on cwtch.im/cwtch and that will get you your own repo, angus/cwtch
then on the command line or in your IDE or favourite git management tool after checking out your repo you create a branch there and push to your repo and then in the web interface create a pull request on cwtch.im/cwtch
it would look like
git pull gogs@git.openprivacy.ca:angus/cwtch.git
git checkout -b profile-password
git add
... the workgit commit
git push -u origin profile-password
(the -u is setting the upstream tracking branch for the first time, after that you can justgit push
)(usually what i eventually do is
git remote add cwtch https://git.openprivacy.ca/cwtch.im/cwtch.git
so I can pull updates from it likegit pull cwtch
)however I am going to guess you did a git clone of cwtch.im/cwtch directly? so, slightly modified since I assume you have the work either commited to master locally or not commited but done
git remote add angus gogs@git.openprivacy.ca:angus/cwtch.git
git checkout -b profile-password
(the -b forces branch creation. could be done in two steps asgit branch profile-password
followed bygit checkout profile-password
)git add
the files andgit commit
. if you already had it's fine, that history will be hereHope that helps!
Also before pushing you can run testing/tests.sh to run all the unit tests, and if you have tor setup to be controllable by apps, you can also run
go test
in testing to run the integration testThen mention it in the PR so we know stuff didnt break :)
Awesome, thank you. Mostly set up now. Just realized I haven't fixed up main.go in TUI so I'll need to do that...
Tests all passed. Will pull request once I can figure out what I've done with my git.
Some thoughts on this:
The sole reason is inexperience on my part so I was leveraging work I could find elsewhere. Apologies. I'll look at the Nacl and will use the key derivation primitive you've listed above, as well as look into the theory behind both. Thanks for your patience and help with this.
If there is specific reading you'd recommend I look into, please let me know.
No worries! I should have been more specific about the design requirements when I created the issue.
Thanks again for your help. The Group package was the one package I hadn't reviewed... derp. I've adapted the logic and library from there and have brought in the PBKDF2 library.
So all implemented now with one design question: how would you like the passwords managed? I had previously been passing them through and not storing them anywhere, however incorporating PBKDF2 and salts I'll need to hard code the salt to do the same. If the salt is to be randomly generated however, I'll need to store the salts somewhere for decryption, and consequently encrypt the salt file. Do you have a preference? I feel the former is probably adequate considering the password will remain in memory rather than storing on disk but let me know (or if I'm overlooking something again)
I think randomly generating the salt and then storing it pre-pended to the profile file (or in a separate file) is the best approach here. Hardcoded salts leave the door open to wider attack vectors - where as per-peer random salts decrease the scope.
This was merged woo!