document Internals better #155
Conversation
again taken from the mailing list, mostly
anarcat
changed the title
|
i believe the above error is not specific to this pull request. |
|
one thing that is missing here is the actual descriptions of all the fields, and an expanded description of the encryption process. the keyfile encryption process is clear, maybe it needs to be refactored with the encryption section as there are probably commonalities there. |
|
ping. |
|
I was just starting to read the source when I thought that an "internals" page would be nice. This would be a nice addition to attic! Please merge the pull request. |
|
please merge, see also: from http://librelist.com/browser//attic/2014/1/31/attic-vs-obnam/ : """attic con: repository format not documented""" @anarcat thanks for collecting / assembling / documenting this! It's very useful. |
| * time | ||
|
|
||
| Each item represents a file or directory or | ||
| symlink is stored as a ``item`` dictionnary that contains: |
| When initialized with the ``init -e keyfile`` command, |project_name| | ||
| needs an associated file in ``$HOME/.attic/keys`` to read and write | ||
| the repository. The format is based on msgpack_, base64 encoding and | ||
| PBKDF2_ SHA256 encryption, which is then encoded again in a msgpack_. |
There was a problem hiding this comment.
PBKDF2_ SHA256 key derivation function,
There was a problem hiding this comment.
you're right, i changed that to use "hashing"
this should fix the comments identified as `typo` and other small quirks found by @ThomasWaldmann.
according to @ThomasWaldmann, the algorithm varies according to whether encryption is enabled.
i am actually assuming this right now, i haven't double-checked
it seems I extracted that data from [this mailing list post][] which in turn takes it from [this github comment][]. [this mailing list post]: http://librelist.com/browser/attic/2014/5/6/questions-and-suggestions-about-inner-working-of-attic/ [this github comment]: jborg#26 (comment)
do not use the word "encryption", as it is actually closer to "hashing" anyways.
|
hi @ThomasWaldmann - thanks for the thorough review! I have done my best to incorporate changes that will reflect the concerns you raised, but there are two issues which I just cannot fix, and they are "why 2 keys" and "why 3 keys". :) my gut feeling is that it is because you do not want to have one key (say the checksumming algorithm) be reused to encrypt the data to make the system more secure to (say) side-channel attacks. but I am not a cryptographer, so I am a little uncomfortable making such claims in the documentation. furthermore, i would recommend you make the changes directly in your own branch - it would probably be easier for you than commenting here and for me than merging all those changes in by hand. :) therefore, you may want to review the comments to make sure I covered all the cases you raised. i sure hope this will be merged soon! :) |
|
Sure, maybe @jborg can comment on the "key" questions. For the enc and enc_hmac key, as you I also suspect security reasons. I just stumbled over it because for aes-gcm (which I am working on right now), there would be only 1 key for both enc and mac. Good idea about forking your docs branch. Maybe we could even create a "help with all the merging" branch somewhere in case @jborg is too busy otherwise to do merges now. |
|
re a separate repo/branch, i opened #217 to continue that conversation. |
|
May I suggest to keep documentation in 'one sentence per line format'? It drastically helps while reviewing changes. This article has some background. As for my original request -- describe how de-duplication works -- thank you very much! |
|
@sa2ajj good idea if doc source is not read by end users. |
|
@sa2ajj one sentence per line format certainly has sense, but a similar result can be achieved without compromising the doc source readability using git.
|
|
why |
|
Another option, still better imo. |
|
FWIW, all those parameters to However, as I said, it was just a suggestion. |
|
yeah, i can certainly appreciate the "one line per idea" concept, especially for those poor VCS that can handle complex things like paragraphs. poor little github, it's not its fault it's proprietary. |
this originally started as an attempt to document keyfiles, but after reading a mailing list discussion recommended in #27, turned in a fully-fledged attempt at documenting all internals, including chunking (#28).
one thing that seems to still be missing here is #45, the cache file.