[bburshteyn]

Hi, I am Boris, creator of Cryptomove (and the Hello distributed programming language with which it is built -- see www.amsdec.com).

Welcome any and all feedback. Looking forward to working with initial users to get to product market fit!

Thanks and please enjoy! Follow us on www.twitter.com/cryptomove.

[2ton_jeff]

Impressive amount of effort here. How is this different/better than using a strong static encryption for data and then using "normal" redundant cloud storage services like backblaze? Also, why did you choose Nettle's pbkdf2_hmac_sha256 for key derivation, and how does a user-supplied password end up mixed with server generated ones? (or am I confused altogether?)

[bburshteyn]

Thank you for your kind words!

The technical difference is that in cryptomove data are broken apart so that the parts travel around the store -- either on the same or between different servers. there is no assumption that the store is in any dedicated location. In fact, Cryptomove is not a service -- it is software that anyone can employ to build either private store within one server, or spread out between several servers as long as they can connect via TCP/IP and have access to mounted disks with directories.

I do not know internal implementation of backblaze or other storages. But Cryptomove architecture allows for the saved data to be broken apart, and for encryption and movement and of the resulting data parts. When one forces the access to a disk through which the parts move, or even to a memory of the server through which the part moves, there is practically no way to know which part belongs to which original file. This way, even if the attacker gets a hold on the data, there is no easy way to find where the data of interest is. The idea is for Cryptomove to be the last line of defense -- even if the data is stolen there is no way to know which data is which. Even if one freezes all servers involved (one actually needs to know which servers are involved which is again a very hard task), the sheer amount of parts with encrypted names makes identification task very hard.

I have chosen pbkdf2_hmac_sha256 for key derivation because it is described as a hash generation function with very low probability of collisions and reversing. Cryptomove had chosen Nettle because it is free open source low level cryptographic library.

When the file is saved, the client daemon encrypts data parts using user the keys generated from the user supplied password. After these parts are mutually XOR-ed and bit-scattered, they are directed to the servers. Then these parts get encrypted with the server password on each server during its forward movement -- each server encrypts the part on top of the previous server encryption. Actually, after the part is encrypted, it immediately moves onto another server, so that getting the part on a server knowing that server password is useless -- the part has been encrypted on a different server. ON the way back, the part gets first decrypted, then re-encrypted again.

When the part is restored from the store back to client following the 'get' command, it gets decrypted on the way back by each server, and finally all parts get decrypted by the client, which reassembles them back into the original file. Hope hte above helps at least in PART:-)

[mirimir]

It looks cool :)

Can users run storage servers?

Does it work via Tor?

Can servers run as Tor onion services?

[bburshteyn]

Thank you for your enthusiasm -- we think Cryptomove is cool too!

There are no special provisions right now to have storage in the cloud or on any special servers. This alpha version has servers making TCP/IP connections. The data is stored in directories that have to reside on mounted disks. So, as long as TCP/IP connection works and directories are available, the servers may reside anywhere; as long as disks are mounted, they can also reside anywhere (say, NFS).

Obviously, versions beyond alpha might choose to have a hierarchy of storage devices -- from memory disks to mounted disks to cloud storages.

Cryptomove does not use any TOR interface.

The current version randomly sends data parts from one server to another via a TCP/IP connection, or moves the part within the local store. Therefore, the path traveled is not known in advance. However, the movement is star-like -- after the part hops randomly N steps, it retracts back to the point of origin retracting the same path.

On the forward path, each data part is encrypted (AES) on each server with that server's password, so at the end of the path of N steps it is encrypted N times. When retracting, on each server it gets decrypted, and then re-encrypted again.

When it comes back to the base server, it immediately starts another random path forward, again being encrypted moving away at the base over and over, while being decrypted/re-encrypted on the way back.

By default, the movement is not frequent -- each part moves once a day. If there are many parts, then one would see constant movement of random parts in random directions. However, data user may accelerate default movement frequency. Similarly, system owners (Admins) can slow down or accelerate the frequency of any part that travels through a particular server.

[mirimir]

Thanks.

Let's say that I had a server at <https://dbshmc5frbchaum2.onion>. Could I point Cryptomove to, for example, <https://dbshmc5frbchaum2.onion.to>?

Does Cryptomove require UDP?

[bburshteyn]

Yes, you can do that. Please see section 4.4.3 "Cluster Membership" from the Guide, on page 50 -- it explains how to set hosts to connect to and hosts to prohibit connections from.

Cryptomove does not require UDP.

[mirimir]

Thanks. I will definitely test this.

[nickodell]

How do you ensure that you don't forget data while you're moving it around?

[bburshteyn]

When the part lands on a server, it initiates a periodic pulse -- a sequence of message sent from that server back to the base server from where the part had originated. Each message traverses the so far traveled path in the backward direction, and drops a little encrypted file that contains a reference to the previous server. This way, when a user gets the file from the store, the servers follow the tracks of each part.

When a part leaves a server to another server, it stops the current pulse -- the target server initiates a new pulse.

Each pulse erases the previous track file on each server it travels through.

[chatmasta]

What if two neighboring servers fail at the same time?

[bburshteyn]

Currently, no fail-over of any kind is implemented in Cryptomove.

If one or more servers go down, all parts that currently reside on those servers obviously remain there. When a down server comes back again, it restarts the movement of all parts that used to reside there before the failure.

This may hamper delivery of data parts upon restore request in case some parts reside on the down server. However, the parts of the saved file is always duplicated on the client before they are directed to the servers. Thus, if enough servers are still up, the restore request may still fetch copies that are still on the up servers, and which path back to the base also goes through the up servers.

Again, currently copies of the same data part travel independently and randomly. In the worst case scenario it may happen that all of them end up on the down server, or that for all of them the path back to their base server has a down server. This however, seems unlikely if there is enough copies and up servers.

Also, when a server decides to push a data part onto another server, it only does it onto a server that is up. All servers maintain keep-alive heartbeats with the members of their clusters, so they know which cluster servers are up and which are down. Of course, it may happen a server goes down in the middle of a data piece transmission. In this case, if it is the source server, it will restart transmission upon its own restart. If it is the target server, the source server will receive a timeout or an exception, and will re-transmit the same part later to an online server (might even be the same target server that went down in case it had come back again).