Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit

2012-05-15 Thread Pierre Jaury
Package: wnpp
Severity: wishlist
Owner: Pierre Jaury 


* Package name: vodstok
  Version : 1.2.3
  Upstream Author : Damien Cauquil 
* URL : http://virtualabs.fr/vodstok/
* License : BSD
  Programming Lang: PHP
  Description : Voluntary Distributed Storage Kit

Voluntary distributed file sharing
This is an open source, free and viral project
that aims at providing collaborative distributed
storage to users who want to store and share files 
temporarily over the Internet.






Re: Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit

2012-05-16 Thread Pierre Jaury
Hi,

On Wed, 2012-05-16 at 11:02 +0200, Cyril Brulebois wrote:
> Jonathan Wiltshire  (16/05/2012):
> > Viral? I hope this is just a translation artefact; can you explain
> > exactly what you mean by it?
> 
> Quite a shock for a project advertised as licensed under the BSD!
> 
> (INSTALL.txt says GPLv2 though.)
> 
> Mraw,
> KiBi.

As explained already, this is a translation artifact. Should be
understood as ``intended to be self-distributable'' as long as the web
ui embeds the source package for download.

About the license, my bad: it is licensed under *GPLv2*, I must have
been distracted when first writing the ITP ticket.

regards,
Pierre


signature.asc
Description: This is a digitally signed message part


Re: Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit

2012-05-23 Thread Pierre Jaury
Hi,

> Pierre Jaury  writes:
> > This software is still an early research project: as far as I know, only
> > basic formal security analysis has been performed.
> 
> Ok, just make sure that the users know about this.

They will. Additionally, I plan on preparing the project for definitive
packaging once some crucial bugs I already reported are fixed upstream.

By the way, a detailed cryptographic analysis is currently being
performed for the vodstok protocol. The only spotted weakness is the single
AES key being used for many related chunks, even if those are uploaded
to various locations and named pseudo-randomly. Yet, an additional
feature is being designed that will allow multiple keys to be used
(ultimately, one key per chunk). vodstok could also use AES CBC (or any
chained mode) as well as ECB for small files, i.e. when downloading the
whole file before decrypting remains an option.

> > Yet, for your specific concern about usual AES vulnerability when using
> > independently encrypted blocks, the project aims at providing temporary
> > private storage but does not pretend to provide secure operations.
> 
> Ok, next question is then: how does vodstok detect tampering done by
> hostile peers?

There is no reason for vodstok to detect tampering, as long as design
choices ensure that the system is reliable enough for temporary storage
of non-critical files.

First, repositories have a maximum amount of disk space to allocate.
Once it is full, a repository will automatically delete old chunks to
free enough disk space for the new uploaded files to be stored.

Because uploaded chunks have a limited lifetime, there is a significant
risk that a file lacks some chunks before it is successfully downloaded
by clients. To avoid such a phenomenon, repositories publish statistics
about the average lifetime of chunks; client software uses these
statistics to distribute the chunks so that small repositories are not
overloaded.

In case of an attacker flooding a repository with dummy chunks to
quickly delete the useful ones, two mechanisms will mitigate the
attempt. Timers are set so that a repository is not simply being flooded
by some dumb client. Plus, the deletion mechanism relies on a
most-recently-used list (and soon a most-frequently-used list) to ensure
that chunks belonging to popular files are not deleted.

> Two separate binary packages might make sense in that case yes but
> they'll of course be part of the same source package I assume?

Yes.

Regards,
Pierre.





Re: Bug#673071: ITP: vodstok -- Voluntary Distributed Storage Kit

2012-05-23 Thread Pierre Jaury
Hi again,

I must clarify my very own point.

> vodstok could also use AES CBC (or any
> chained mode) as well as ECB for small files, i.e. when downloading the
> whole file before decrypting remains an option.

vodstok is actually using CBC, but for small independent chunks, which
means it has more or less the same vulnerabilities as ECB. I was
actually mentioning the possibility to encrypt the whole file using CBC
before splitting it. Of course, because chunks are downloaded in random
order, this is fine only for small files (the whole thing has to be
downloaded before decryption).

Regards.


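
The thread above raises two open points: one key per chunk, and detection of chunks altered by a hostile repository. The following sketch is an added example, not code from vodstok or from any participant in this thread; it shows per-chunk key derivation and a per-chunk MAC that lets a client verify chunks fetched in random order and notice expired ones. Assumptions: the master key, file identifier and chunk count reach the downloader out of band, the tag is stored beside each chunk, and the constructed byte strings stand in for chunks already encrypted under `subkey(master, b"enc", ...)`.

```python
import hashlib
import hmac
import random

def subkey(master, purpose, file_id, index):
    """Independent 32-byte key per (purpose, file, chunk index)."""
    info = purpose + b"\x00" + file_id + b"\x00" + index.to_bytes(8, "big")
    return hmac.new(master, info, hashlib.sha256).digest()

def chunk_tag(master, file_id, index, total, blob):
    """MAC over chunk count and chunk bytes, keyed by chunk position."""
    key = subkey(master, b"mac", file_id, index)
    return hmac.new(key, total.to_bytes(8, "big") + blob, hashlib.sha256).digest()

def seal(master, file_id, blobs):
    """Build the (index, blob, tag) records a client would upload."""
    n = len(blobs)
    return [(i, b, chunk_tag(master, file_id, i, n, b)) for i, b in enumerate(blobs)]

def reassemble(master, file_id, total, records):
    """Verify records received in any order; raise on tampering or gaps."""
    good = {}
    for index, blob, tag in records:
        if not 0 <= index < total:
            raise ValueError(f"chunk index {index} out of range")
        expected = chunk_tag(master, file_id, index, total, blob)
        if not hmac.compare_digest(expected, tag):
            raise ValueError(f"chunk {index} failed authentication")
        good[index] = blob
    missing = [i for i in range(total) if i not in good]
    if missing:
        raise ValueError(f"missing chunks: {missing}")
    return b"".join(good[i] for i in range(total))

def rejected(master, file_id, total, records):
    """True when reassembly refuses the given records."""
    try:
        reassemble(master, file_id, total, records)
        return False
    except ValueError:
        return True

# Constructed sample: opaque bytes stand in for already-encrypted chunks.
MASTER = bytes(range(32))      # constructed key, not a real secret
FILE_ID = b"example-file"      # hypothetical identifier
BLOBS = [bytes([i]) * 16 for i in range(4)]

if __name__ == "__main__":
    recs = seal(MASTER, FILE_ID, BLOBS)
    random.shuffle(recs)       # chunks arrive in random order
    print(reassemble(MASTER, FILE_ID, 4, recs) == b"".join(BLOBS))
```

Because the MAC key depends on the chunk index and the tag covers the chunk count, a repository that returns a valid chunk in the wrong position, or a truncated set of chunks, is rejected along with plain bit flips.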