Changelog of @hackage/keysafe 0.20160914

keysafe (0.20160914) unstable; urgency=medium

  • Fix bug that prevented keysafe --server from running when there was no controlling terminal and zenity was not installed.
  • Added --name and --othername options.
  • Added proof of work to client/server protocol.
  • Server-side rate limiting and DOS protection.
  • server: Added --months-to-fill-half-disk option, defaulting to 12.
  • Several new dependencies.
  • Another fix to gpg secret key list parser.
  • Warn when uploads fail and are put in the upload queue.
  • Warn when --uploadqueued fails to upload to servers.
  • Fix --uploadqueued bug that prevented deletion of local queued file.
  • Added --chaff mode which uploads random junk to servers. This is useful both to test the server throttling of uploads, and to make it harder for servers to know if an object actually contains secret key information.
  • Store information about backed up keys in ~/.keysafe/backup.log This can be deleted by the user at any time, but it's useful in case a server is known to be compromised, or a problem is found with keysafe's implementation that makes a backup insecure.

-- Joey Hess id@joeyh.name Wed, 14 Sep 2016 17:08:55 -0400

keysafe (0.20160831) unstable; urgency=medium

  • Server implementation is ready for initial deployment.
  • Keysafe as a client is not yet ready for production use.
  • Removed embedded copy of secret-sharing library, since finite-field only supports prime fields. This caused shares to be twice the size of the input value.
  • Reduced chunk size to 32kb due to share size doubling.
  • Fix gpg secret key list parser to support gpg 2.
  • Tuned argon2 hash parameters on better hardware than my fanless laptop.
  • Improve time estimates, taking into account the number of cores.
  • Added basic test suite.
  • Added options: --store-directory --test --port --address
  • Added a Makefile
  • Added a systemd service file.
  • Added a desktop file.

-- Joey Hess id@joeyh.name Wed, 31 Aug 2016 15:43:30 -0400

keysafe (0.20160819) unstable; urgency=medium

  • First release of keysafe. This is not yet ready for production use.
  • Network support is not yet implemented, but --store-local works for testing with local data storage.
  • Data backed up with keysafe version 0.* will not be able to be restored by any later version! Once the data format stabalizes, keysafe version 1 data will be supported by every later version.
  • Argon2 hashes are not yet tuned for modern hardware, but only for my laptop. So, cracking cost estimates may be low. To help with this tuning, run keysafe --bechmark and send the output to me.

-- Joey Hess id@joeyh.name Fri, 19 Aug 2016 19:41:06 -0400