HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lijogdfljk

no profile record

comments

lijogdfljk
·4 yıl önce·discuss
How does Org Mode handle Zettlekasten?

Also one thing i like about these alternate options is they work on my phone. I regularly use Obsidian on my phone to lookup information, jot things down, etc.

With that said i'm still looking (making.. maybe?) my perfect solution which is mostly just Selfhosted + Notes + Spaced Rep in the right UX.
lijogdfljk
·4 yıl önce·discuss
> If you have a secure method of distributing keys, you could also just distribute the encrypted file (or its hash) via that secure method.

Well in my case the central thing is mutable, changing. Ie it's a pointer to the HEAD, in git terms.

So yes, i have to distribute keys but the keys are immutable and can be distributed. The HEAD however can't, or at least can't with assurances that it's trusted.

Which is kinda the root issue i suppose. To answer the question of "the file on S3 is mutable, did i actually write it?". I have to be able to answer that

> Its been a while since i read it, but it was mostly about how to use different crypto primitives properly. It was not about how to design a block cipher or anything like that.

That actually sounds great. Definitely interested, thank you!
lijogdfljk
·4 yıl önce·discuss
> One way to do this is to hash the file and store that hash somewhere you trust, which i think is what the person is suggesting. This approach has somewhat limited applicability, because if you already have a trusted channel, why are you using cryptography? (Yes there are lots of exceptions to that where crrypto still makes sense, but in general the point stands)

Yup. In my case my system is content addressed, so everything is a hash. So one one hand, sign-less encryption will work fine if i know the HEAD hash, as you mentioned. However i also want these backups to work from no local store. Ie i don't know the HEAD, and in that case someone could tamper with my pointer.

Kinda surprising that Age doesn't have a way to handle this. Shame, but good to learn.

Cryptopals is interesting, appreciate the link! I'll also look into that book, thank you! Did you find the book a bit deep? I have no intention of writing my own crypto, i just want to use it reliably and correctly.
lijogdfljk
·4 yıl önce·discuss
Mind describing (to a layman?) how checksums can help Age prevent switcharoo?

I ask because i've been writing a datastore of sorts that's immutable. Ie all content addressed. I plan to add some basic encryption for cloud storage primarily, however if Age could let someone swap file contents then i can't use Age.

I know someone's thinking "if it's content addressed how can someone tamper with the file contents?" - they can't, of course, but that only works if you know the HEAD's to point to. If you don't, say you're doing a full recovery, you slurp in all the content IDs and now have to determine which one is the HEAD. This is where tampering could take place, hypothetically, as they could not just swap the file contents but _also_ change the hashes/content IDs.

In a content addressed system signing the HEAD is really the only thing needed, since everything else can be validated via checksum. However i think it still needs signing, no?

Sidenote, i know next to nothing about crypto practices. I desperately need to find a class which teaches necessary knowledge to use crypto correctly in your own programs.