[Hackmeeting] Tomb stable release 1.3

Delete this message

Reply to this message
Author: Jaromil
Date:  
To: hackmeeting
Subject: [Hackmeeting] Tomb stable release 1.3

re all,

giro la nuova release di Tomb che puo' interessare anche qui, in inglese
qui sotto. Presentammo il software all'hackmeeting di due anni fa a
Firenze, era la versione 1.2 che gia' riscosse apprezzamenti. Dopo due
anni sono state aggiustate cose e aggiunte succose features, a voi la
scoperta. Un ringraziamento speciale a Boyska che ha dedicato molta
attenzione alla buona riuscita di questa release, pure contribuendo la
nuova parte sperimentale per le chiavi in KDF e una GUI in python
(trovate tutto nella dir extras/ ). Happy diggin'!


Here the Changelog entry:

May 2013 - 1.3

    A refactoring of Tomb's main script internals was made, including
    a new messaging system, machine parsable output, cleaner code and
    updated compatibility to Debian 7. A new search feature lets users
    index and run fast filename searches in their open tombs. Creation
    of tombs is broken out in three steps (dig, forge and lock).
    Source distribution includes experimental add-ons for a python
    GUI, KDF key encryption and a key "undertaker". Documentation was
    updated.


README follows


    .....                                                ..
 .H8888888h.  ~-.                                  . uW8"
 888888888888x  `>        u.      ..    .     :    `t888
X~     `?888888hx~  ...ue888b   .888: x888  x888.   8888   .
'      x8.^"*88*"   888R Y888r ~`8888~'888X`?888f`  9888.z88N
 `-:- X8888x        888R I888>   X888  888X '888>   9888  888E
      488888>       888R I888>   X888  888X '888>   9888  888E
    .. `"88*        888R I888>   X888  888X '888>   9888  888E
  x88888nX"      . u8888cJ888    X888  888X '888>   9888  888E
 !"*8888888n..  :   "*888*P"    "*88%""*88" '888!` .8888  888"
'    "*88888888*      'Y"         `~    "    `"`    `%888*%"
        ^"***"`                                        "`


A minimalistic commandline tool to manage encrypted volumes v.1.3

                   http://tomb.dyne.org



Tomb aims to be a free and open source system for easy encryption and
backup of personal files, written in code that is easy to review and
links shared GNU/Linux components.

At present time, Tomb consists of a simple shell script (Zsh) using
standard filesystem tools (GNU) and the cryptographic API of the Linux
kernel (cryptsetup and LUKS). Tomb can also produce machine parsable
output to facilitate its use inside graphical applications.

** How does it works

This tool can be used to dig .tomb files (Luks volumes), forge keys
protected by a password (GnuPG symmetric encryption) and use the keys
to lock the tombs. Tombs are like single files whose contents are
unaccessible in absence of the key they were locked with and its
password.

Once open the tombs are just like normal folders and can contain
different files, plus they offer advanced functionalities like bind
and execution hooks and fast search, or they can be slammed close even
if busy. Keys can be stored on separate media like USB sticks, NFC or
bluetooth devices to make the transport of data safer: one always
needs both the tomb and the key, plus its password, to access it.

The tomb script takes care of several details to improve the security
of tombs in every day usage: adopting pinentry for passwords,
facilitating the storage of backup keys using image steganography,
listing open tombs and selectively closing them, warning the user
about their size and last time they were used, etc.

** How secure is this?

Death is the only sure thing in life. Said that, Tomb is a pretty
secure tool especially because it keeps minimal, its source is always
open and its code is easy to review with a bit of shell script
knowledge.

All encryption tools being used in Tomb are included as default in
many GNU/Linux operating systems and therefore are regularly peer
reviewed: we don't add anything else to them really, just a layer of
usability.

The code of Tomb can be read in a literate programming style on
http://tomb.dyne.org/literate

** Stage of development

Tomb is an evolution of the 'mknest' tool developed for the dyne:bolic
GNU/Linux distribution, which is used by its 'nesting' mechanism to
encrypt the Home directory of users, a system implemented already in
2001. Since then, the same shell routines kept being maintained and in
2007 they were adapted to work on Debian and Arch distributions.

As of today, Tomb is a well stable tool also used in mission critical
situations by a number of activists in endangered zones. It has been
reviewed by forensics analysts and it can be considered to be safe for
military grade use, where the integrity of informations stored depend
from the user's behaviour and the strenght of a standard AES256
CBC-ESSIV encryption algorithm.

** How can you help

Code is pretty short and readable: start looking around it and the
materials found in doc/ which are good pointers at security measures
to be further implemented.

Tomb's developers can be contacted via the "crypto" mailinglist on
http://lists.dyne.org

Enthusiastic ideas are in the TODO file.

Donations are always welcome, see http://dyne.org/donate

Information on developers involved is found in the AUTHORS file.