git-annex/Types
Joey Hess bd5affa362
use hmac in balanced preferred content
This deals with the possible security problem that someone could make an
unusually low UUID and generate keys that are all constructed to hash to
a number that, mod the number of repositories in the group, == 0.
So balanced preferred content would always put those keys in the
repository with the low UUID as long as the group contains the
number of repositories that the attacker anticipated.
Presumably the attacker than holds the data for ransom? Dunno.

Anyway, the partial solution is to use HMAC (sha256) with all the UUIDs
combined together as the "secret", and the key as the "message". Now any
change in the set of UUIDs in a group will invalidate the attacker's
constructed keys from hashing to anything in particular.

Given that there are plenty of other things someone can do if they can
write to the repository -- including modifying preferred content so only
their repository wants files, and numcopies so other repositories drom
them -- this seems like safeguard enough.

Note that, in balancedPicker, combineduuids is memoized.
2024-08-10 16:32:54 -04:00
..
ActionItem.hs --explain for preferred/required content matching 2023-07-26 14:50:04 -04:00
AdjustedBranch.hs make sync update --unlock-present branch 2020-11-13 15:04:34 -04:00
Availability.hs let Remote.availability return Unavilable 2023-08-16 14:31:31 -04:00
Backend.hs implement URL to VURL migration 2024-03-01 16:42:02 -04:00
Benchmark.hs benchmark: Add --databases to benchmark sqlite databases 2019-10-29 16:59:27 -04:00
BranchState.hs clean up git-remote-annex git-annex branch handling 2024-05-15 17:33:38 -04:00
CatFileHandles.hs separate handles for cat-file and cat-file --batch-check 2021-09-24 13:16:13 -04:00
CleanupActions.hs propagate signals to the transferrer process group 2020-12-11 15:32:00 -04:00
Cluster.hs remove dead nodes when loading the cluster log 2024-06-16 14:39:44 -04:00
Command.hs git-annex-shell: accept uuid of remote that proxying is enabled for 2024-06-10 12:44:35 -04:00
Concurrency.hs have setConcurrency stop any running git coprocesses 2021-11-19 12:00:39 -04:00
Creds.hs update licenses from GPL to AGPL 2019-03-13 15:48:14 -04:00
Crypto.hs support annex.shared-sop-command for encryption=shared 2024-01-12 13:31:18 -04:00
DeferredParse.hs remove --backend from global options 2022-06-29 13:33:25 -04:00
DesktopNotify.hs remove many old version ifdefs 2019-07-05 15:09:37 -04:00
Difference.hs git-remote-annex support exporttree=yes remotes 2024-05-13 11:48:00 -04:00
Direction.hs improve concurrency of move/copy --from --to 2023-01-24 13:59:39 -04:00
Distribution.hs annex.addunlocked expressions 2019-12-20 15:56:25 -04:00
Export.hs proxy stores received keys to known export locations 2024-08-07 09:47:34 -04:00
FileMatcher.hs --explain for preferred/required content matching 2023-07-26 14:50:04 -04:00
GitConfig.hs Remove debug output (to stderr) 2024-08-02 14:13:29 -04:00
GitRemoteAnnex.hs avoid duplicates building up in outManifest 2024-05-24 15:10:56 -04:00
Group.hs use hmac in balanced preferred content 2024-08-10 16:32:54 -04:00
Import.hs implement importChanges optimisaton (not used yet) 2023-05-31 16:01:34 -04:00
IndexFiles.hs cache annex index filename for 1.5% speedup to queries 2020-04-10 13:37:04 -04:00
Key.hs git-annex unused --from remote skips its git-remote-annex keys 2024-05-14 15:17:40 -04:00
KeySource.hs convert KeySource to RawFilePath 2020-02-21 10:04:44 -04:00
Link.hs prep for fixing find --branch --unlocked 2021-03-02 13:39:31 -04:00
LockCache.hs more RawFilePath conversion 2020-10-29 10:50:29 -04:00
Messages.hs rename errorid to message-id 2023-04-26 12:53:30 -04:00
MetaData.hs simplify base64 to only use ByteString 2023-10-26 13:10:05 -04:00
Mime.hs Added mimeencoding= term to annex.largefiles expressions. 2019-04-30 12:17:22 -04:00
NumCopies.hs toward SafeDropProof expiry checking 2024-07-04 12:39:06 -04:00
ProposedAccepted.hs separate RemoteConfig parsing basically working 2020-01-14 12:35:08 -04:00
RefSpec.hs Typo: sansative -> sensitive 2023-03-17 15:14:50 -04:00
Remote.hs proxied exporttree=yes versionedexport=yes remotes are not untrusted 2024-08-08 15:24:19 -04:00
RemoteConfig.hs git-remote-annex: Display full url when using remote with the shorthand url 2024-05-24 17:15:31 -04:00
RemoteState.hs improve comment 2020-01-06 12:53:09 -04:00
RepoVersion.hs v7 2018-10-25 18:24:23 -04:00
ScheduledActivity.hs avoid using MonadFail in ParseDuration 2020-08-15 15:53:35 -04:00
StallDetection.hs run codespell throughout fixing typos automagically 2024-05-01 15:46:21 -04:00
StandardGroups.hs a few forgotten remote config fields 2020-01-15 11:22:36 -04:00
StoreRetrieve.hs toward SafeDropProof expiry checking 2024-07-04 12:39:06 -04:00
Test.hs test: Add --test-debug option 2022-11-28 15:12:53 -04:00
Transfer.hs P2P protocol version 2, adding SUCCESS-PLUS and ALREADY-HAVE-PLUS 2024-06-18 16:21:40 -04:00
Transferrer.hs convert encode_c to ByteString 2023-04-07 17:10:49 -04:00
TransferrerPool.hs propagate signals to the transferrer process group 2020-12-11 15:32:00 -04:00
Transitions.hs handle transitions with read-only unmerged git-annex branches 2021-12-28 13:23:32 -04:00
TrustLevel.hs update licenses from GPL to AGPL 2019-03-13 15:48:14 -04:00
Upgrade.hs split upgrade into v9 and v10 2022-01-19 13:09:33 -04:00
UrlContents.hs remove SafeFilePath 2020-05-11 14:04:56 -04:00
UUID.hs dummy HasClient ClientM WebSocket 2024-07-07 21:21:45 -04:00
VectorClock.hs deal better with clock skew situations, using vector clocks 2021-08-04 12:33:46 -04:00
View.hs add directory to views for files that lack specified metadata 2023-02-07 16:28:46 -04:00
WorkerPool.hs improve concurrency of move/copy --from --to 2023-01-24 13:59:39 -04:00