How does Weave use Cryptography?

I’m back from the EU MozCamp in Prague and we all had a great time! Check out the slides from my talks: Labs Overview and Weave in Depth.

A few people at the MozCamp were interested in Weave’s use of cryptography to protect the user’s data and privacy. Although the specs for the Weave server are available, it may take someone new a while to wrap their head around the whole scheme. I’m going to attempt explaining what crypto operations we do and why we do it in this blog post.

First, let’s get some basic definitions out of the way. Symmetric cryptography means you have one key that can perform both encryption and decryption, and they are complementary operations. For Weave, we use AES with a 256 bit key, and we use it in a mode that requires an ‘initialization vector’ for every encryption (and hence for every decryption). Asymmetric cryptography means there’s a pair of keys (usually called ‘public’ and ‘private’ keys). A piece of text “encrypted” by one key can only be “decrypted” by the other key. Here, we use RSA with a 2048 bit private key.

So, when a user first signs up for Weave using the wizard on their computer, we generate a (random) pair of public and private keys. Next, we use the user’s passphrase to create a symmetric key. This is done using a pretty standard algorithm known as PBKDF2 (short for “Password-Based Key Derivation Function 2”). The PBKDF2 algorithm requires a ‘salt’ value, which is also stored on the server. Now that we have a symmetric key, we use it to encrypt the user’s private key and upload it along with the public key to the server. Note that the passphrase is never sent to the server, so if the user’s password ever gets compromised all the attacker can get is their encrypted private key, which really isn’t of much use (especially given that the key is 2048 bits long).

Whenever a particular “engine” is to be synchronized (an engine could be Tabs, Bookmarks, History etc.) we generate a random symmetric key for that engine. This key is then encrypted using the user’s public key (now, one can only retrieve the original symmetric key with the corresponding private key) and uploaded as being associated with a particular engine. All entries (the ‘ciphertext’ property in a “Weave Basic Object”) in that engine are encrypted with the symmetric key that was generated for it.

To make things clear, let’s enumerate the steps we would take to decrypt a single tab object for user ‘foo’:

  1. Find the user’s cluster by making a GET request to https://services.mozilla.com/user/1/foo/node/weave. It returns https://sj-weave06.services.mozilla.com/.
  2. Fetch the user’s encrypted private key and public key from https://sj-weave06.services.mozilla.com/0.5/foo/storage/keys/privkey and https://sj-weave06.services.mozilla.com/0.5/foo/storage/keys/pubkey respectively. The user’s password is required to access these JSON objects.
  3. Ask the user for their passphrase and generate a 256 bit symmetric key from it using PBKDF2 and the ‘salt’ found in the privkey object.
  4. Use the generated symmetric key and the initialization vector found in the ‘iv’ property of the privkey object to decrypt the user’s private key.
  5. Fetch the user’s encrypted tab objects from https://sj-weave06.services.mozilla.com/0.5/foo/storage/tabs/?full=1.
  6. Fetch the corresponding symmetric key (the URL is also listed in the “encryption” property of every WBO), in this case https://sj-weave06.services.mozilla.com/0.5/foo/storage/crypto/tabs.
  7. Decrypt the symmetric key with the user’s private key.
  8. Use the decrypted symmetric key to decrypt any WBO from the tabs collection with the initialization vector found in the ‘bulkIV’ property of the tabs symmetric key WBO.
  9. Profit.

A word about the formats in which the keys are actually stored. All values are Base64-encoded. For symmetric keys, the key is stored as-is. For asymmetric keys, I wish we used a standard format like PKCS#12, but we don’t. It’s still ASN.1 though, in some format that NSS exports private keys in. You need to do a bit of ASN.1 parsing to figure out the values you’re interested in.

Fortunately, I’ve already figured out most of the details for you – check out my JavaScript or PHP implementations of the crypto elements required to decrypt Weave Basic Objects.

Finally, a quick note about why we do all this. Sharing is now reasonably easy: if you want to share your bookmarks with someone, you just need to encrypt the corresponding symmetric key with their public key and they’re good to go. Also, each WBO has its own ‘encryption’ property, so this can be as granular as needed. Secondly, the passphrase is never stored anywhere (except possibly on the user’s computer), so the server never sees anything other than encrypted blobs of Base64’ed text. Along with making HTTPS mandatory, we think this is a pretty secure way of protecting the user’s data.

If you have other encryption schemes that might fit into Weave’s use cases please let us know! (We’ve already been looking at interesting developments in this area such as Tahoe). I’d also love to hear from you if you have any questions on our current cryptography scheme. We’re constantly trying to improve the security and efficiency of our system so these details are only valid until we change our scheme :-)

Now, go write that third-party Weave client, you have no excuse not to!

Heading to Prague…

I’m off to the beautiful city of Prague, or “Praha” as it is known locally, for the European MozCamp of 2009. Memories from the MozCamp last year are still fresh, and I’m definitely looking forward to this one!

On Friday, we’re going to be hosting a Labs Hackathon on Jetpack. This is your chance to get to know more about the framework that’s so easy to use that your mom could write an extension with it. Maybe not your Grandma though; you do need to know a bit of JavaScript ;) The hack session will last as long into the night as needed for you folks to come up with amazing ideas for Jetpacks and implement them. Drew Willcoxon from the Firefox team and I will be on hand all day to help you, so feel free to come and poke us. Oh, I almost forgot to mention that there’s Free Pizza involved.

On Saturday, I’ll be giving a talk on Weave. With 0.7 just released, we’ll be taking a look at our current state, what’s in store for the future, and maybe a few cool demos. We’re also especially interested in engaging with addon developers to see what Weave can do to make it easier for them to add sync functionality to their addons.

Be there!

Labs Night: Openness and Competition

Last night, Joseph Smarr from Plaxo was our guest speaker and he talked about how the “web is going social”, and how the “social web is going open”. We discussed all the elements that make up the social web today: identity providers, social web providers and content aggregators, and how each of them is leveraging open standards and protocols such as OpenID and OAuth to create better experiences for their users. Check out his slides here.

This talk was a nice prelude to some interesting discussion about the role that the browser can play in handling the user’s data and identity on their behalf. Very relevant to this was also the recent experimentation by Weave on identity in the browser, and Myk gave us a demo of the auto-sign-in features.

Labs Night is also a chance for everybody to talk about cool stuff they’ve been working on, so Brandon gave us an update on what’s new in Ubiquity 0.5. There’s some really neat stuff in there: Ubiquity is possibly one of the first pieces of software that performs truly internationalized natural language parsing (0.5 rolls out with support for Japanese and Danish). Do check out this blog post for a detailed discussion of the features in 0.5.

I followed with an update on some of the work I’ve been doing with Jetpack – namely providing the capability for “jetpacks” to record audio. The code to enable this is checked into the repository, but you’ll have to wait until a release later this month if you’re not feeling brave enough to build the extension from source to play around with it. I was especially interested to know the kinds of applications that might be possible with this capability, so if you have any ideas, I’d love to hear them. Myk also gave us a demo of the new streamlined way of subscribing to feeds using Snowl; check out this release announcement for more details on what’s new with the message reader you know you want to use!

Paul Tarjan from the Searchmonkey team at Yahoo! gave us some really cool demos demonstrating Searchmonkey Objects and YQL. I’m especially excited about YQL because it can make some of the back-end ubiquity code really simple and efficient. Incidentally, the Bing team was here at Mozilla just a couple of days ago and they also demoed some features similar to Searchmonkey Objects, albeit restricted to video and snippets of data for now.

Search is starting to feel exciting again, a sentiment similar to one we feel in the browser space today. There’s a lot of innovation in the area outside of the big daddy, and it is indeed heartening to see that major players in the web are beginning to recognize the importance of openness and competition :)

Labs Nights are monthly events, so we look forward to seeing you sometime in July to discuss more cool stuff that everyone’s been working on!

The Summer of Code is here again!

It’s that time of the year. Google is, yet again, sponsoring students to write some awesome open source code this summer. If you’re a student, and you’d like to make some money contributing to some of the most well known and exciting open source software projects out there, you’d be missing out on a lot by not applying.

If you’re wondering about what the best way to get started is, check out this great advice page. All projects have also been tagged by programming language and field in this delicious profile. You can also search for ideas here.

I’m going to be mentoring for Mozilla, Glendix (under the Plan 9 Umbrella) and Gentoo this year. Get in touch if you’re interested in any of those ideas :)

The window for applications opens in a few hours. Good luck everyone!

FOSS.IN/08: Summary

As a developer, I have to say that FOSS.IN/08 is possibly the most productive conference I’ve been to until now! In just 5 days, I’ve got more things done than I have in the last 5 months :-)

Let’s start with the Beacon workout: Nandeep joined us via VoIP and we got started almost immediately, thanks to the dynamic nature and small size of our project – we didn’t have any infrastructural trouble as a few other C/C++ projects with huge codebases and complex build systems did. We had a list of 6 tasks in mind, and we managed to complete 3 of them. Salil Kothadia got started with writing a PDO data backend, and promptly submitted the patch to us next day. Thanks Salil, hope you continue to contribute to the development of Beacon (thereby increasing the development team size by 25%)!

I also attended Philip’s workout on porting HTML::Template to Javascript. As mentioned on the Wiki page, we mostly worked on the design during the first half or so, and then moved on to writing a skeleton for the whole framework. I think this is an extremely interesting project, and am very happy to be associated with its birth. Hope we can continue the momentum and work until it is finished.

Perhaps the biggest take-away from the conference for me was the ability to give a lightning talk about Glendix, with several kernel hackers present in the audience. Christoph then kindly offered to review some of the patches during the workout. Even the possibility of Plan 9 binary emulation being considered for inclusion into the main kernel tree is amazing, let alone the fact that I got the guidance of an experienced kernel hacker for a good 2 hours! I think the effort was largely successful – I now have a better idea of what I need to do in order to get a kernel patch in order, and also got a few hints as to how I can implement the missing bits.

My primary focus at the conference was to give a talk on Mozilla Labs and Innovation. I think I managed to stir up a decent amount of interest in the various Labs initiatives. I covered the different ways in which members of the community can contribute, specifically focussing on Weave, Ubiquity and the Concept Series. We even covered how easy it is to actually write a Ubiquity command. I now look forward to increased participation by the Indian Mozilla community in Labs projects. Don’t forget to thank Mary for all the goodies!

All this, apart from regular conference happenings like catching up with old friends, making new ones and free swag (great mugs and t-shirts this time around) makes FOSS.IN/08 one of the most successful conferences I’ve been to so far! I can’t wait for the 2009 edition :-D

Glendix on the Web!

Glendix has been making the rounds on the web lately, with coverage from OSNews, Reddit, and even a Russian site, Linux.org.ru. It’s really motivating to see some buzz around the project, giving me the extra boost needed to push the completion of a usable release!

Some of the major obstacles that have to be crossed before making a beta-quality release are the completion of critical synthetic filesystems – especially /net and /draw. We also have to work out the kinks with per-process namespaces and union mounts. I don’t know if we’ll be able to get Rio running as a WM before an official release; if not, Plan9Port’s Rio and WMII are good candidates.

The biggest criticism of Glendix seems to be the reasoning that Plan9 user-space tools are somehow superior to their GNU counterparts, and several people have asked us to substantiate our claims. At this point, however, I don’t think that it is really important, or even relevant. Even if Plan9 user-space tools aren’t somehow better – I think it is generally a refreshing idea to see Linux combined with a user-space other than GNU.

We’re at FOSS.IN this year, where a large number of kernel developers have gathered; and I hope to get some of their valuable input on the problems Glendix currently faces, and maybe even write some code to solve them :-)

Thanks for all the community support and critical comments, they are all very vital feedback for the project and are much appreciated!
