
Librevault: Open source zero-knowledge peer-to-peer file sync - im_dario
https://librevault.com/
======
Ar-Curunir
I wish people would stop using the phrase "zero knowledge" willy nilly. It has
a specific meaning within cryptography.

~~~
anateus
Yeah... I kept looking for the way this is ZK. Do they just mean that the
files are encrypted on their servers and so they can't read them?

I understand accidentally stepping on a term from an adjacent field, but using
it this way for a product that presumably is crypto-centric is a bit of a red
flag.

~~~
GamePad64
I have no server infrastructure. ZK in this context means, that you can create
an encrypted share. But, I think, it is not an appropriate term here.

------
swordswinger12
Can you describe your file encryption procedure? In the Meta::Chunk class the
'encrypt' function only computes AES-CBC with no MAC, but there are calls to
compute_strong_hash at other points in the library. There are references to a
(non-cryptographic) Rabin hash as well as SHA2-224 and SHA3-224 in these
functions - which is used for ciphertext authenticity and integrity?

~~~
GamePad64
During the indexing procedure, the value of SHA3-224(AES256(data)) is computed
for each chunk.

Then, the list of these hashes is placed into Meta structure. After that, this
Meta is ECDSA-signed using a EC point, decoded from A-type secret.

Any other type of secret contain the public part of EC point and can verify
the signature.

~~~
swordswinger12
So is there a per-chunk MAC, or do you rely on the signed hashes of ciphertext
for the integrity and authenticity of each chunk?

~~~
GamePad64
Actually, there is per-chunk HMAC support in the protocol and present
revisions add HMAC for each chunk into Meta:
[https://github.com/Librevault/librevault-
common/blob/master/...](https://github.com/Librevault/librevault-
common/blob/master/src/Meta_s.proto#L68)

This HMAC is computed over plaintext chunks and used to determine, if we
already have this chunk in database (because of random IV we get different
hash of ciphertext every time), not for verification.

And what is wrong about verifying integrity and authenticity by hash-then-
sign?

~~~
swordswinger12
Maybe nothing, but it's just kind of a weird, nonstandard way of doing things.
Also it's not immediately obvious to me that your method meets modern security
definitions like IND-CCA2.

------
evolve2k
Please add some basic instructions on how to use this on a local network.

I tried the following:

1\. Download app and install

2\. "Add folder" new key, select folder I want to sync. Ok. Folder did not
then appear in the list as expected. It should it appear in the window
straight away, right?

3\. I then installed the software on another computer.

4\. On other computer clicked 'Open URL' and added
"lvlt:<secret_key_from_step_2_above>". OK. This did nothing either.

Where am I going wrong. Please add a basic getting started to your site which
shows the basic steps to add a folder on one computer and then set up another
computer to sync the folder down onto.

Looks like a great little app. thx in advance for your assistance.

------
radarsat1
Sounds awesome. I think your website could use an explanation of the term
"zero-knowledge".

~~~
GamePad64
Thank you for advice. This revision of the website is a stub, it does not
contain any useful information, just some general words. It will be heavily
reworked soon.

Also, I will add the comparison table with Syncthing, BTSync and some cloud
storages, like Dropbox.

~~~
swordswinger12
Have you thought about just not using the phrase "zero knowledge" at all?

~~~
GamePad64
I don't use it on GitHub page. It updates more frequently than the site. The
next revision of the website will contain a new motto, but I have to make a
new motto first.

------
ilurkedhere
Very nice. It seems a lot less janky than Syncthing (web UI, constant process
restarts)

~~~
skrowl
SyncTrayzor (windows client implementing synching) is pretty nice. It runs as
a tray icon but when you click it, it loads like a native app even though it's
a web app (similar to electron)

~~~
GamePad64
But it is still a web ui, not a native one. Also, SyncTrayzor itself is not
cross-platform, so Linux users have to install syncthing-inotify for watching
the directories for changes.

~~~
skrowl
It's network compatible with and syncthing clients. Syncthing is an open
standard with dozens of client apps.

------
sciyoshi
Looks great! Any plans to document the synchronization protocol?

I've been using SyncThing but it lacks the main feature I need, which is to
selectively synchronize only certain files to other devices.

~~~
GamePad64
Yes. The protocol is pretty stable now, it hasn't been changed for a while and
has necessary extension points, so I can add more features in the future. I
will publish the protocol specification in two weeks.

------
rwj
Are there any plans for a headless server. I'm still looking for a good way to
sync my NAS to my desktop.

~~~
GamePad64
It is headless by design. GUI and synchronization daemon are separate
applications, that communicate using the WebSocket protocol. So, you can
install your sync daemon to NAS and you are good.

But to let you control the daemon via the net, I am making Web UI, that will
enable you to fully control synchronization process from your browser.

------
reicher89
Something I just noticed after testing Librevault today... Extremely low
CPU/power consumption. Nice!!!

------
stewbrew
How does it compare to syncthing et al?

~~~
GamePad64
There are certain differences between Librevault and Syncthing now:

* Librevault is simpler for the end user. From my perspective, Syncthing doesn't aim to be user-friendly. More like geek-only solution.

* Librevault supports adding a folder by key, like BTSync. And also, it supports a URL scheme for adding a new folder just by clicking it in the browser: [https://librevault.com/blog/lvlt-scheme/](https://librevault.com/blog/lvlt-scheme/)

* inotify, fsevents, kqueue and ReadDirectoryChangesW support out of the box. Syncthing requires you to install a separate third-party plugin for this.

* DHT support, so it doesn't need any trackers for peer discovery. DHT is Mainline DHT, so it can connect to BitTorrent clients and ask them for peers. It means, that Librevault can participate in the world's largest distributed peer discovery network and will not suffer the lack of DHT nodes.

Also, it has a proper (!) desktop UI inspired by BitTorrent Sync 1.3.

------
ausjke
Geez, that's what I am exactly working on off-work, slowly but the idea is
nearly 100% identical.

~~~
rakoo
Heh, me as well
([https://github.com/rakoo/rakoshare](https://github.com/rakoo/rakoshare))
although I've been trying other technologies and combinations lately, slowing
the development a lot.

------
armistace
Looks interesting I am looking for a new private file sync application. Any
plans for Arch Linux (Can build it myself but find AUR easier) and android?

~~~
GamePad64
Yes, I am planning versions for Arch and Fedora soon. Android version is in
plans, too, but I need to make desktop version stable first.

