X-Git-Url: http://www.git.cypherpunks.ru/?p=nncp.git;a=blobdiff_plain;f=doc%2Feblob.texi;h=a7e9b8f47d43c6cf5d5642950845d8e18955ee87;hp=baaa718907e820411b32e324bb11711b3475c71f;hb=203dfe36da7adf2b3089e4fa4017a67409cbad70;hpb=97b386a58ef33cac2ba39ac2e273bc632eb026ad diff --git a/doc/eblob.texi b/doc/eblob.texi index baaa718..a7e9b8f 100644 --- a/doc/eblob.texi +++ b/doc/eblob.texi @@ -1,7 +1,9 @@ @node EBlob +@cindex eblob +@cindex encrypted configuration @unnumbered EBlob format -Eblob is an encrypted blob (binary large object, in the terms of +EBlob is an encrypted blob (binary large object, in the terms of databases), holding any kind of symmetrically encrypted data with the passphrase used to derive the key. It is used to secure configuration files, holding valuable private keys, allowing them to be transferred @@ -20,6 +22,9 @@ is @strong{not} the password. Password is a short string of high entropy low-entropy characters. Low-entropy text is much more easier to remember, and its length provides pretty enough entropy as a result. +@cindex password +@cindex balloon +@cindex Argon2 Password strengthening function is applied to that passphrase to mitigate brute-force and dictionary attacks on it. Here, @url{https://crypto.stanford.edu/balloon/, Balloon} memory-hard password @@ -29,19 +34,19 @@ attacks and seems more secure than Argon2 (@url{https://password-hashing.net/, Password Hashing Competition} winner). -Eblob is an @url{https://tools.ietf.org/html/rfc4506, XDR}-encoded structure: +EBlob is an @url{https://tools.ietf.org/html/rfc4506, XDR}-encoded structure: @verbatim -+-------+------------------+------------+ -| MAGIC | S | T | P | SALT | BLOB | MAC | -+-------+------------------+------------+ ++-------+------------------+------+ +| MAGIC | S | T | P | SALT | BLOB | ++-------+------------------+------+ @end verbatim @multitable @columnfractions 0.2 0.3 0.5 @headitem @tab XDR type @tab Value @item Magic number @tab 8-byte, fixed length opaque data @tab - @verb{|N N C P B 0x00 0x00 0x01|} + @verb{|N N C P B 0x00 0x00 0x03|} @item S, T, P @tab unsigned integer @tab Space cost, time cost and parallel jobs number @@ -50,18 +55,12 @@ Eblob is an @url{https://tools.ietf.org/html/rfc4506, XDR}-encoded structure: Randomly generated salt @item Blob @tab variable length opaque data @tab - Encrypted data itself -@item MAC @tab - 32 bytes, fixed length opaque data @tab - BLAKE2b-256 MAC of encrypted blob + Authenticated and Encrypted data itself @end multitable -Blob's encryption is done using -@url{https://www.schneier.com/academic/twofish/, Twofish} algorithm with -256-bit key in -@url{https://en.wikipedia.org/wiki/Counter_mode#Counter_.28CTR.29, CTR} -mode of operation with zero initialization vector. -@code{balloon(BLAKE2b-256, S, T, P, salt, password)} gives the main key, -that is fed to @url{https://en.wikipedia.org/wiki/HKDF, -HKDF}-BLAKE2b-256 KDF. Actual encryption key for Twofish and -authentication key for MAC are derived from that KDF. +@enumerate +@item generate the key using @code{balloon(BLAKE2b-256, S, T, P, salt, password)} +@item encrypt and authenticate blob using + @url{https://cr.yp.to/chacha.html, ChaCha20}-@url{https://en.wikipedia.org/wiki/Poly1305, Poly1305}. + EBlob packet itself, with empty blob field, is fed as an additional authenticated data +@end enumerate