If you're on this website today, it's probably because I gave you a flier at RWC2019. This website has a nice summary, but be sure to have a look at the documentation. It contains extensive discussion of the cryptography and threat model. You are invited to read and attack. Your comments will help make this open-source, open-specification project safer. Many thanks. --Jonas
EasySafe in a nutshell
- Your Passphrase
- Your computers
- Your stuff
You can find your data from anywhere in the world using only your passphrase. No accounts, IDs or routing info required!
You can give an optional seed-only key to peers to hold onto your encrypted data for you without being able to read it.
EasySafe does not distribute your data across a "cloud" of unknown servers, even in encrypted form. You control the physical location of your data.
There are no centralized servers whatsoever that you need to rely on. You control your data, and you don't have to worry about EasySafe going out of business or spying on you.
EasySafe's cryptography is fully documented, complete with a rigorous threat model. This makes it easy for you to audit it and see for yourself why it's so secure.
There are absolutely no backdoors built in to let someone read the encrypted data without knowledge of the passphrase.
EasySafe is fully accessible via a RESTful API, making it simple to integrate with scripts, tooling and web pages.
Filesystems can optionally make write access dependent on an additional secret, providing a secure censorship-resistant means of broadcast.
How it Works
Your passphrase is turned into a key.
Keys are created from your passphrase using Argon2. This takes a few seconds on a typical computer, so it's very costly to brute force, even with specialized hardware like ASICs.
Your key is used to encrypt a directory.
A combination of ChaCha20-Poly1305, BLAKE2 and Ed25519 is used to encrypt and authenticate your files.
All your computers automatically find each other over the Internet.
Your key is used to locate other systems on the Internet that were set up with the same passphrase. EasySafe uses a Kademlia-style distributed hash table, so no central servers are required. Encrypted data is then exchanged over a Noise-based protocol.
Read and write from anywhere.
Any system with the passphrase can read and write to the directory simultaneously and share their changes. You only have to download the files you're interested in.
Who is EasySafe for?
Anyone who wants to store or distribute data easily, safely or privately.
What does it do?
EasySafe is a decentralized read-write filesystem that you can access anywhere using only a passphrase, from as many places as you want.
Where is my data stored?
Only on your computers. There is also a special "seed passphrase" that you can give to someone to let them help distribute the data, without being able to read it themselves.
How do I install it?
EasySafe isn't quite ready for public use yet. A first release should be available around March 2019. You can sign up for the mailing list if you want to know when it's available!
What does it cost?
Nothing, this is free software (as in speech, and beer).
Does EasySafe track revisions?
Yes, EasySafe maintains an authenticated revision history, similar to Git. Every version of every file is stored until you want to delete them.
Can an EasySafe be edited in multiple places at the same time?
Yes! EasySafe works fine with multiple simultaneous writers. If two systems edit the same file, one version is selected to appear in the consensus view of the filesystem, but both versions appear in the history and remain accessible.
What if two different people use the same passphrase?
They'll be able to see and edit each other's data! Pick a good passphrase and keep it secret if you don't want this to happen.
Does this involve "The Blockchain" or cryptocurrencies?
There are no blockchains involved in EasySafe. At no point does EasySafe require anyone to mine anything, or become invested in a digital currency.
What data does EasySafe collect on its users?
None. The EasySafe network is fully decentralized, so no one is in any position to spy on EasySafe users. The program does not "phone home."
Can the DHT peers see my passphrase or access my files?
EasySafe derives many separate keys from your passphrase, with different responsibilities. The key derived for use on the DHT is only used for finding peers. DHT peers receiving a request from you cannot look up your EasySafe in the DHT themselves without knowledge of your seed key. They also can't connect to your computers even if they learn their routing information, or read your files if they somehow come into possession of any of the encrypted data.
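The key separation described above can be sketched as a one-way chain of derived keys. This is an added illustration, not EasySafe's code or its actual derivation: scrypt stands in for Argon2 (which is not in the Python standard library), and the salt, the labels and the read → seed → DHT ordering are assumptions.

```python
import hashlib

# Assumed parameters for illustration only. scrypt is a stand-in for Argon2;
# EasySafe's real derivation is specified in its own documentation.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)
SALT = b"example-fixed-salt"  # constructed value; no account exists to hold a per-user salt


def root_key(passphrase: str) -> bytes:
    """Memory-hard stretch of the passphrase (the only deliberately slow step)."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=SALT, **SCRYPT_PARAMS)


def subkey(parent: bytes, purpose: bytes) -> bytes:
    """One-way child key: BLAKE2b keyed by the parent, personalised by purpose."""
    return hashlib.blake2b(key=parent, person=purpose, digest_size=32).digest()


def derive_hierarchy(passphrase: str) -> dict:
    """Hypothetical chain: each key is computable from the one above, not below."""
    root = root_key(passphrase)
    read = subkey(root, b"ex.read")  # decrypts file contents
    seed = subkey(read, b"ex.seed")  # can be handed to a storage-only peer
    dht = subkey(seed, b"ex.dht")    # only used to locate peers
    return {"read": read, "seed": seed, "dht": dht}


def seed_only_view(seed: bytes) -> dict:
    """What a seed-only peer can compute: downstream keys, never upstream ones."""
    return {"seed": seed, "dht": subkey(seed, b"ex.dht")}


if __name__ == "__main__":
    keys = derive_hierarchy("correct horse battery staple")
    peer = seed_only_view(keys["seed"])
    print("peer can find the DHT entry:", peer["dht"] == keys["dht"])
    print("peer holds a read key:", "read" in peer)
```

Because every step is a keyed one-way hash, a party holding only the DHT key or the seed key would have to invert BLAKE2 to recover the read key.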
What about brute force attacks?
Your passphrase is hashed with Argon2, with settings designed to take a few seconds per passphrase on a typical computer. Even with very generous assumptions about what an adversary can do, a modest passphrase like "correct horse battery staple" will cost over $7 billion to attack today. Attacking a similar passphrase is expected to cost a highly capable attacker at least $1 million until 2038, assuming Moore's law-like improvement of their capabilities over time.
How strong a passphrase do I need for EasySafe?
The confidentiality of an EasySafe depends entirely on the strength of its passphrase. Passwords selected by end users are typically far too weak.
Diceware passphrases are generated by selecting random words, with 12.925 bits of entropy per word. This creates memorable, high-entropy passphrases. Combined with the very high cost of key derivations in EasySafe, a 5-word passphrase is likely to be impractical to brute force for many decades, even assuming the current exponential pace of computing is sustained.
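To judge a passphrase length against an attacker whose capability grows exponentially, the estimate can be worked through as below. This is an added example, not part of EasySafe or its documentation, and it does not reproduce the dollar figures above: the 3 seconds per guess, the one million parallel machines and the 2-year doubling period are assumptions to replace with your own threat model.

```python
import math

DICEWARE_WORDS = 6 ** 5  # 7776 words: five dice rolls select one word


def bits_per_word() -> float:
    """Entropy of one uniformly chosen Diceware word (about 12.925 bits)."""
    return math.log2(DICEWARE_WORDS)


def expected_guesses(words: int) -> float:
    """On average the passphrase is found after searching half the keyspace."""
    return DICEWARE_WORDS ** words / 2


def years_to_crack(words: int, sec_per_guess: float = 3.0,
                   parallel: float = 1e6, doubling_years: float = 2.0) -> float:
    """Years until expected_guesses() key derivations have been performed.

    All defaults are assumed values. The guess rate at time t (in years) is
    r0 * 2**(t/d); integrating gives work(t) = r0 * d / ln 2 * (2**(t/d) - 1),
    which is solved here for t.
    """
    r0 = parallel / sec_per_guess * 365.25 * 86400  # guesses per year today
    d = doubling_years
    need = expected_guesses(words)
    return d * math.log2(1 + need * math.log(2) / (r0 * d))


if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        print(f"{n} words: {n * bits_per_word():5.1f} bits, "
              f"about {years_to_crack(n):5.1f} years under the assumed attacker")
```

Under sustained doubling, each extra word adds a fixed number of years (about 12.9 doubling periods) rather than multiplying the time by 7776, which is why the estimate is so sensitive to word count.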
Could someone build an ASIC to attack passphrases very quickly?
The kinds of extreme efficiency gains observed in SHA256 ASIC miners are unlikely to be seen here. Argon2 is specifically designed to maximize the cost of password cracking on ASICs.
Why should I trust your security?
EasySafe is free and open source (FOSS) software. If you'd rather get high-level technical details on how the security works, there's a cryptography overview that you can read.
How does EasySafe deal with firewalls?
Each peer attempts to initiate and receive connections. If you're behind a firewall, you should forward a port for EasySafe. UPnP support is included. If you can't forward a port, you can still connect to peers with open ports.
What if I have questions or concerns about the cryptography?
Definitely let me know! The whole point of putting up a pre-release webpage with so much detail about the cryptography is to solicit feedback and discover security issues.
Who made this, and why?
I'm Jonas Acres. I'm a cryptographic engineer and software developer. I made this because I wanted to set up distributed folders for free, wherever I wanted, without any fuss, and without anyone spying on me.
This is awesome, can I hire you to consult on my project?
Totally! Here are some of the things I do consulting for:
- Cryptography and information security
- Simulation and mathematical modeling
- Algorithm design
Shoot me an e-mail in the contact section and we can start talking about how to solve your problems.