Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better alternatives for data encryption #5254

Open
vicaya opened this issue Oct 25, 2024 · 7 comments
Open

Better alternatives for data encryption #5254

vicaya opened this issue Oct 25, 2024 · 7 comments
Labels
kind/feature New feature or request

Comments

@vicaya
Copy link

vicaya commented Oct 25, 2024

The current data at rest encryption design with RSA private key is both slow and insecure (crackable passphrase and not quantum safe, which is esp. problematic for data at rest). Go standard lib already deprecated RSA with passphrase. We had to explicitly suppress the compiler warning against the usage.

IMO. the following are reasonable alternatives:

  1. Use the symmetric AES-GCM instead of RSA as the KEK (key encryption key) algo with a key derived from a robust KDF, e.g. argon2id (part of go standard library). The change is easy and small. It's sufficient for personal and test deployment, where passphrases can be used.
  2. Use TOTP (and maybe other MFAs) authenticated remote secret server (suggest https://github.com/openbao/openbao, the current open source fork of hashicorp vault for cloud vendor independence) for managing KEK, similar to CMEK with KMS in cloud vendors. This is slightly more complex but still fairly straightforward. This is the preferred solution for production deployment, as only short-lived credential is exposed in multiple client nodes.
@vicaya vicaya added the kind/feature New feature or request label Oct 25, 2024
@solracsf
Copy link
Contributor

solracsf commented Oct 27, 2024

Also related: #5174

JuiceFS could learn from Restic encryption (alsor programmed in Go): https://restic.readthedocs.io/en/v0.4.0/Design/

@vicaya
Copy link
Author

vicaya commented Oct 28, 2024

Restic format is already "legacy", which uses scrypt for kdf, which is a second choice after argon2id according to OWASP, AES-CTR with Poly1305-AES is also "legacy" with less support compared with AES-256-GCM or xChaCha20-Poly1305

cf. https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/

@davies
Copy link
Contributor

davies commented Nov 8, 2024

Sounds, can you send PR for these?

@ab-shrek
Copy link

Can i take this up if no one is working on it?

@davies
Copy link
Contributor

davies commented Nov 13, 2024

Can i take this up if no one is working on it?

Sure, no one is working on this

@vivekcode101
Copy link

Hey @ab-shrek are you still working on the issue?

@ab-shrek
Copy link

ab-shrek commented Dec 2, 2024

Hey @vivekcode101 I am not working on this. Feel free to take it up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature New feature or request
Projects
None yet
Development

No branches or pull requests

5 participants