Language Selection

English French German Italian Portuguese Spanish

Nigori: Storing Secrets in the Cloud

Filed under
Software
Security

Nigori is a protocol for storing secrets in the cloud such that the storage need not be trusted and only a single password is required to access secrets.

Table of Contents

1. Introduction
    1.1. Requirements Language
    1.2. Notation
    1.3. Constants
2. Key and Salt Derivation
    2.1. Unassisted Password-based Key Derivation
    2.2. Assisted Password-based Key Derivation
3. Authentication
4. Storage of Secrets
5. Secret Storage at a Single Server
    5.1. Storage
    5.2. Retrieval
6. Secret Storage at Multiple Servers
7. Protocol Details
    7.1. Storage
    7.2. Retrieval
    7.3. Responses
8. Algorithms
    8.1. Shamir Secret Split
9. Examples
10. Pre-calculated values for mod_inverse(x, p)
11. Acknowledgements
12. IANA Considerations
13. Security Considerations
14. References
    14.1. Normative References
    14.2. Informative References
§ Author's Address

Located Here




More in Tux Machines

Qt Creator 4.1 Brings Editor Improvements, Better CMake Support, and New Themes

A new stable version of the cross-platform and open-source Qt Creator IDE (Integrated Development Environment) software has been released recently for all supported platforms, including GNU/Linux, Mac OS X, and Microsoft Windows. Read more

Linux and Graphics

Security News

  • Hacking the American College Application Process
    In recent years, foreign students have streamed into American universities, their numbers nearly doubling in the last decade. About half of all international students are coming from Asian countries, many of which have been subject to heavy recruitment from American colleges. Taking advantage of the popularity of an American education, a new industry has sprung up in East Asia, focused on guiding students through the U.S. college application process with SAT preparation courses, English tutors and college essay advisors. But not all college prep companies are playing by the rules. In their investigative series for Reuters, a team of reporters found that foreign companies are increasingly helping students game the U.S. college application process. Some companies have leaked questions from college entrance exams to their students before they take the test. Others have gone so far as to ghostwrite entire college applications and complete coursework for students when they arrive on campus. We spoke with Steve Stecklow, one of the reporters on the team, about what they uncovered.
  • illusive networks' Deceptions Everywhere
    illusive networks' bread and butter is its deception cybersecurity technology called Deceptions Everywhere whose approach is to neutralize targeted attacks and Advanced Persistent Threats by creating a deceptive layer across the entire network. By providing an endless source of false information, illusive networks disrupts and detects attacks with real-time forensics and without disruption to business.
  • Mozila Offers Free Security Scanning Service: Observatory
    With an eye toward helpiing administrators protect their websites and user communities, Mozilla has developed an online scanner that can check if web servers have optimal security settings in place. It's called Observatory and was initially built for in-house use, but it may very well be a difference maker for you. "Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely," the company reports.

Games for GNU/Linux