-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsecurity.html
278 lines (258 loc) · 14.3 KB
/
security.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
<!DOCTYPE html>
<head>
<title>Security</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src https: 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; font-src 'self' data:;">
<meta name="viewport"
content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<link rel="shortcut icon" href="/theme/vendor/peergos-styles/dist/img/icons/favicon.ico"/>
<link rel="stylesheet" href="/theme/css/material-icons.css">
<link rel="stylesheet" href="/theme/css/luna-carousel.css">
<script src="/theme/js/toggle.js" defer></script>
<script src="/theme/js/slider.js" defer></script>
<link rel="stylesheet" href="/theme/css/style.css">
<link rel="stylesheet" href="/theme/css/signup.css">
<link rel="stylesheet" href="/theme/css/slider.css">
<link rel="stylesheet" href="/theme/css/montserrat.css" type="text/css">
<link rel="stylesheet" href="/theme/vendor/materialize/css/materialize.min.css" type="text/css"/>
<link rel="stylesheet" href="/theme/css/peergos.css" type="text/css"/>
<link rel="alternate" href="https://peergos.org/feeds/posts.atom.xml" type="application/atom+xml">
</head>
<body class="security" style="overflow-y: scroll;">
<nav>
<div class="nav-wrapper">
<a href="/" class="brand-logo"><img src="/theme/img/peergos/logo-main.svg" width="200"/></a>
<a href="#" data-activates="mobile" class="button-collapse"><i class="material-icons">menu</i></a>
<ul class="right hide-on-med-and-down">
<li >
<a href="./features"
>
Features
</a>
</li>
<li >
<a href="./pricing"
>
Pricing
</a>
</li>
<li class="active">
<a href="./security"
>
Security
</a>
</li>
<li >
<a href="./blog"
>
Blog
</a>
</li>
<li >
<a href="./about"
>
About
</a>
</li>
<li>
<a href="https://book.peergos.org" target="_new">
<span>
Tech
</span>
</a>
</li>
<li>
<a href="https://peergos.net" target="_new" class="btn btn-blue">
<span>
LOG IN
</span>
</a>
</li>
<li>
<a href="https://peergos.net/?signup=true" target="_new" class="btn">
<span>
SIGN UP
</span>
</a>
</li>
</ul>
<ul class="side-nav" id="mobile">
<li class="side-nav-header">
<a href="/" class="brand-logo"><img src="/theme/img/peergos/logo-tower-only-green.svg" width="180"/></a>
</li>
<li >
<a href="./features"
>
Features
</a>
</li>
<li >
<a href="./pricing"
>
Pricing
</a>
</li>
<li class="active">
<a href="./security"
>
Security
</a>
</li>
<li >
<a href="./blog"
>
Blog
</a>
</li>
<li >
<a href="./about"
>
About
</a>
</li>
<li class="hidden-md hidden-lg nav_bar_grey_li">
<a href="https://book.peergos.org" target="_new" class="nav_bar_grey_lnk">
<span class="nav_bar_grey_span">
Tech
</span>
</a>
</li>
<li class="hidden-md hidden-lg nav_bar_grey_li">
<a href="https://peergos.net" target="_new" class="nav_bar_grey_lnk btn btn-blue">
<span class="nav_bar_grey_span">
LOG IN
</span>
</a>
</li>
<li class="hidden-md hidden-lg nav_bar_grey_li">
<a href="https://peergos.net/?signup=true" target="_new" class="nav_bar_grey_lnk btn">
<span class="nav_bar_grey_span">
SIGN UP
</span>
</a>
</li>
</ul>
</div>
</nav>
<div class="container bs-docs-container">
<div class="row">
<div class="col m3 col s4">
<div id="full-toc" class="bs-docs-sidebar hidden-print affix-top hidden-xs hidden-sm" role="complementary">
<ul class='nav bs-docs-sidenav'><li class='active'><a href='#overview_' data-scroll data-url>Overview</a></li><li><a href='#encryption_' data-scroll data-url>Encryption</a></li><li><a href='#metadata_' data-scroll data-url>Metadata</a></li><li><a href='#trustless_servers_' data-scroll data-url>Trustless Servers</a></li><li><a href='#trustless_storage_' data-scroll data-url>Trustless Storage</a></li><li><a href='#independent_audits_' data-scroll data-url>Independent audits</a></li><li><a href='#quantumresistant_cryptography_' data-scroll data-url>Quantum-resistant Cryptography</a></li><li><a href='#threat_models_' data-scroll data-url>Threat Models</a></li><li><a href='#the_casual_user_' data-scroll data-url>The casual user</a></li><li><a href='#the_cautious_user_' data-scroll data-url>The cautious user</a></li><li><a href='#the_local_only_user_' data-scroll data-url>The local only user</a></ul>
</div>
</div>
<div class="col m9 col s8" role="main" style="overflow-x:auto; padding-bottom: 10px;">
<h1 class="page-header main-title">Security</h1>
<div class="bs-docs-section">
<h2 id="overview_">Overview</h2>
<p>Peergos encrypts files locally on your device and your keys never leave your device. To log in, your username and password are (locally) hashed through <a href="https://en.wikipedia.org/wiki/Scrypt">scrypt</a> to derive your root key-pair and root symmetric key. This key-pair is never written to disk, and is only used to decrypt follow requests sent to you. The symmetric key is used to decrypt your entry points into your filesystem. This design allows you to log in from any device. You can read more technical information in our <a href="https://book.peergos.org">book</a>.</p>
<h2 id="encryption_">Encryption</h2>
<p>The underlying encryption uses <a href="http://tweetnacl.cr.yp.to/">Tweetnacl</a> for both symmetric and asymmetric encryption. This means files are encrypted with xsalsa20-poly1305, data is signed with Ed25529, and shared keys are exchanged using Curve25519. </p>
<h2 id="metadata_">Metadata</h2>
<p>Peergos protects your metadata as well as your data. Everything from file and directory names, sizes and other properties are encrypted or obfuscated. Unlike other products out there Peergos protects your social graph as well. Your contact list is not visible to the server and is stored encrypted in your own space. Furthermore, if a user shares a file with another user, the server can't deduce this relationship. A Peergos server doesn't store any sensitive data or metadata. We take your privacy seriously!</p>
<h2 id="trustless_servers_">Trustless Servers</h2>
<p>Your Peergos server doesn't store or have access to any unencrypted sensistive information. This means that even if the server is breached, the attacker cannot read your data without a further active attack on users by delivering a malicious web client to those using the web interface.</p>
<h2 id="trustless_storage_">Trustless Storage</h2>
<p>There is further trustfree separation between the server and the actual data storage, which could be local disk, or a remote S3 compatible service. This means that a servers can use S3 compatible storage as a data backend without exposing any sensitive information to S3. You can even mirror your data safely on an untrusted server. </p>
<h2 id="independent_audits_">Independent audits</h2>
<p>We have been audited by the world leeading security firm, <a href="https://cure53.de/">Cure53</a>. Read more <a href="https://peergos.org/posts/security-audit">here</a>.</p>
<h2 id="quantumresistant_cryptography_">Quantum-resistant Cryptography</h2>
<p>Your entire file system in Peergos is encrypted with symmetric cryptography and the initial keys are derived using cryptographic hashing. Both of these are believed to be resistant to quantum computer attacks (You at best get a quadratic speedup from Grover's algorithm). We will be switching the asymmetric cryptography, which is used to share files, to a post-quantum algorithm as soon as a clear candidate arrives. </p>
<h2 id="threat_models_">Threat Models</h2>
<p>Peergos is designed to be secure against passive network adversaries, even ones with state level computational resources, who are able to store all data on the Peergos network indefinitely. Despite all the encrypted data being publicly accessible, no one but the intended recipients can deduce any data or friendship graphs. </p>
<p>Peergos does not defend against a compromised user's machine. Currently, Peergos doesn't protect files shared between users from an adversary with a large quantum computer. </p>
<p>Peergos should be secure against attackers with read access to a users machine which is not synchronous with the client being logged in. </p>
<h2 id="the_casual_user_">The casual user</h2>
<p><strong>Trusts</strong></p>
<ol>
<li>The Internet's SSL certificate hierarchy and DNS system</li>
<li>That our public server hasn't been compromised</li>
<li>Javascript crypto delivered over https</li>
</ol>
<p><strong>Uses</strong></p>
<ol>
<li>Can use our public server's web interface over https</li>
</ol>
<h2 id="the_cautious_user_">The cautious user</h2>
<p><strong>Trusts</strong></p>
<ol>
<li>A copy of Peergos that they downloaded to their device, optionally verifying the signature of.</li>
<li>Javascript crypto delivered over localhost, or in process</li>
</ol>
<p><strong>Uses</strong></p>
<ol>
<li>Download and run Peergos locally, and use the web interface over localhost in their browser of choice, or the command line interface</li>
</ol>
<h2 id="the_local_only_user_">The local only user</h2>
<p><strong>Trusts</strong></p>
<ol>
<li>A copy of Peergos that they downloaded to their device, and verified the signature of.</li>
</ol>
<p><strong>Uses</strong></p>
<ol>
<li>Can download and run Peergos locally as an effective local encrypted file store, without the social aspects. They can access through the web interface on localhost, through the native filesystem with a FUSE mount of Peergos, or using the CLI. </li>
</ol>
</div>
<span class="pull-right">
<a class="btn btn-default" role="button"
href="javascript:window.scrollTo(0,0);">Back to Top</a>
</span>
</div>
</div>
</div>
<div class="index">
<footer class="page-footer">
<div class="">
<div class="row">
<div class="col l6 m6 s12 footer-logo">
<img src="/theme/img/peergos/logo-dark-bg.svg" width="230">
</div>
<div class="col l3 m4 s12">
<h5 class="white-text">About Us</h5>
<ul>
<li><a href="https://book.peergos.org/" target="_new">Tech book</a></li>
<li><a href="/about" >About</a></li>
<li><a href="/contact" >Contact</a></li>
<li><a href="/faq" >FAQ</a></li>
</ul>
</div>
<div class="col l3 m3 s12">
<h5 class="white-text">Community</h5>
<ul>
<!--<li><a href="http://blog.peergos.org" target="_new">Blog</a></li>-->
<a href="https://github.com/peergos/peergos" target="_new">
<img src="/theme/img/contact/github.svg" width="100">
</a>
<a href="https://matrix.to/#/#peergos-chat:matrix.org" target="_new">
<img src="/theme/img/contact/matrix.png" width="100">
</a>
<a href="https://twitter.com/peergos" target="_new">
<img src="/theme/img/contact/twitter.svg" width="100">
</a>
<a href="https://reddit.com/r/peergos" target="_new">
<img src="/theme/img/contact/reddit.png" width="100">
</a>
</ul>
</div>
</div>
<div class="footer-copyright">
<div class="row">
<div class="col s12">
© PEERGOS | Designed by <a href="http://www.antarctic-design.co.uk" target="_blank"> Eamonn
Maguire</a>.
</div>
</div>
</div>
</footer>
</div>
</div>
<script src="/theme/vendor/jquery/dist/jquery.min.js"></script>
<script src="/theme/vendor/materialize/js/materialize.min.js"></script>
<script>
$(".button-collapse").sideNav();
</script>
</body>
</html>