tTODO.org - tomb - the crypto undertaker
HTML git clone git://parazyd.org/tomb.git
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
tTODO.org (3844B)
---
1
2 TODO and Roadmap for Tomb
3
4 you are welcome to send patches to jaromil@dyne.org
5
6 Issue tracking is now handled via GitHub, see http://github.com/dyne/Tomb
7
8 Roadmap notes:
9
10 * Release 3.0
11
12 *** [#A] support BtrFS and snapshots
13 *** [#A] system to split passwords in parts (ssss)
14 *** [#B] modular encryption system support
15
16 to go beyond dm-crypt/cryptsetup
17
18 ecryptfs, tc-play
19
20 needs tomb marks appended at end of tombs
21
22 *** [#B] udev rules to avoid usb automount of keyplug in gnome
23 *** [#B] sign and verify tomb script integrity
24 *** [#B] make a graphical tomb undertaker (gnome-druid in glade?)
25 *** [#B] analyse and show tomb entropy using libdisorder
26 *** [#B] use inotify on tomb
27 inotify can also count when was the last time tomb was used and
28 unmount it automatically after a timeout, see how much free space
29 is left and warn when the space is almost finished
30
31
32 ** Notes from #CybRes
33
34
35 *** mlocall per swap )vecna) rompigli il caz su github
36 *** steganografia migliore con outguess? (vecna)
37 *** velocita' creazione : fallocate -l 10G (scuall8907@gm)
38
39
40 * DONE Release 2.0 :100%:
41
42 ** [#A] support for ZFS filesystem (revisioning, bitrot)
43 ** [#A] support for partition-based tombs
44 ** DONE [#B] Internationalization using gettext
45
46 Started generating the strings, still need to figure out how to
47 install it
48
49 ** DONE [#B] better tomb locksmith code for key management
50 ** DONE [#B] backup keys on qrcodes
51 ** DONE [#B] indeep security analysis of possible vulnerabilities
52 ** [#C] more gtk dialogs for configurations? keep it minimal!
53
54
55
56
57 * DONE Release 1.0 :100%:
58
59 ** TODO [#C] make one single status handle more tombs
60 ** TODO [#C] decorate creation wizard with ASCII art
61
62 ** DONE [#B] remove gnome dependencies from tomb core :jaromil:
63
64 gksu is deeply connected to gnome in all its packages. actually
65 libgksu2-dev is and that doesn't helps.
66
67 gksu binary is a very simple and dirty code, we should have
68 tomb-ask to use the libgksu library for privilege escalation, but
69 then this would add the dependency into C linking...
70
71 the solution is for now to detect if gksu is present, else fallback
72 to sudo and provide it an interface to ask the password graphically
73 via pinentry
74
75 ** DONE [#B] SLAM tomb and kill all applications using it :anathema:
76
77 using lsof and fuser(1) we can do that easily
78
79 we should ask user confirmation when closing a tomb if to slam
80
81 tomb-askpass will become tomb-ask managing such user interaction,
82 using libassuan and pinentry from the gpg project.
83
84 ** DONE [#B] fix operation without DISPLAY (over SSH) :hellekin:
85 ** DONE [#A] steganography to store tomb key :jaromil:
86
87 steghide can hide keys in JPG, BMP, WAV or AU files it also takes
88 care of compressing end encrypting the key file so we don't
89 necessarily need gpg... it has Serpent and AES256 (CBC)
90
91 ** DONE [#A] use a posix thread instead of fork for status close :jaromil:
92 ** DONE [#A] use a config file to map bind mounts :jaromil:
93
94 done as file 'bind-hooks' inside tom. also 'post-hooks' is executed
95 as user in case symlinks are needed and so
96
97 using mount -o bind we can trigger actions to be made after mounting
98 a tomb so that personal directories appear in the home folder.
99
100 ** DONE [#A] desktop integration the freedesktop way :jaromil:
101 ** DONE [#B] debian packaging with desktop integration :jaromil:
102 ** DONE [#A] Avoid overwriting key on exhume on same filename
103 ** DONE [#A] Should refuse opening a tomb that is already open :jaromil:
104
105
106 * TODO Porting to MS/Windows
107
108 using FReeOTFE http://www.freeotfe.org
109
110 or at least make it compatible with http://www.sdean12.org/SecureTrayUtil.htm
111
112 * TODO Porting to Apple/OSX
113
114 still to be investigated what's there that supports cryptsetup-luks volumes. hditool, tcplay...
115