0.7.0 (to be announced) "seismic orbit"
---------------------------------------
+- Starting with paraslash-0.7.0, the sha256 hash value of each known
+ audio file is stored in the database while older versions employed the
+ sha1 hash algorithm which has been considered insecure since 2005
+ and should no longer be used today. The switch from sha1 to sha256
+ requires users to upgrade their database using the new para_upgrade_db
+ program, followed by re-adding all files to recompute the hashes. With
+ this approach all metadata stored in the database (last played date,
+ num played value, moods, playlists, attributes etc.) are kept. An
+ simpler alternative is to start over from scratch by running the
+ "init" command but this will lose these metadata.
+- Server and client now hash the session keys with sha256 rather
+ than sha1 during the initial handshake. This feature is optional and
+ backwards compatible: old clients can still connect to a new server
+ (using sha1). Also new clients can connect to an old server (again
+ using sha1).
- The new "duration" keyword of the mood grammar makes it possible to
impose a constraint on the duration of the admissible files.
- The long deprecated version 1 mood syntax is no longer supported.
- New option for configure: --enable-ubsan to detect and report undefined
behaviour.
- The "tasks" server command has been removed.
++- The fancy new logo and a minor overhaul of the web pages.
Downloads:
[tarball](./releases/paraslash-git.tar.xz)
para_client init
This initializes a couple of empty tables under
-~/.paraslash/afs_database-0.4. You normally don't need to look at these
+~/.paraslash/afs_database-0.7. You normally don't need to look at these
tables, but it's good to know that you can start from scratch with
- rm -rf ~/.paraslash/afs_database-0.4
+ rm -rf ~/.paraslash/afs_database-0.7
in case something went wrong.
- para_client receives the encrypted buffer and decrypts it with the
user's private key, thereby obtaining the challenge buffer and the
-session key. It sends the SHA1 hash value of the challenge back to
-para_server and stores the session key for further use.
+session key. It hashes the challenge buffer with a crytographic hash
+function, sends the hash value back to para_server and stores the
+session key for further use.
-- para_server also computes the SHA1 hash of the challenge and compares
+- para_server also computes the hash value of the challenge and compares
it against what was sent back by the client.
- If the two hashes do not match, the authentication has failed and
paraslash relies on the quality of the pseudo-random bytes provided
by the crypto library (openssl or libgcrypt), on the security of
the implementation of the RSA and AES crypto routines and on the
-infeasibility to invert the SHA1 function.
+infeasibility to invert the hash function.
Neither para_server or para_client create RSA keys on their
own. This has to be done once for each user as sketched in
AFS database. It contains the information needed to stream each audio
file. In particular the following data is stored for each audio file.
-- SHA1 hash value of the audio file contents. This is computed once
-when the file is added to the database. Whenever AFS selects this
-audio file for streaming the hash value is recomputed and checked
-against the value stored in the database to detect content changes.
+- The cryptographic hash value of the audio file contents. This is
+computed once when the file is added to the database. Whenever AFS
+selects this audio file for streaming the hash value is recomputed
+and checked against the value stored in the database to detect
+content changes.
- The time when this audio file was last played.
File renames and content changes
--------------------------------
-Since the audio file selector knows the SHA1 of each audio file that
+Since the audio file selector knows the hash of each audio file that
has been added to the afs database, it recognizes if the content of
a file has changed, e.g. because an ID3 tag was added or modified.
Also, if a file has been renamed or moved to a different location,
case you'll have to run the oslfsck program of libosl to fix your
database:
- oslfsck -fd ~/.paraslash/afs_database-0.4
+ oslfsck -fd ~/.paraslash/afs_database-0.7
However, make sure para_server isn't running before executing oslfsck.
If you don't mind to recreate your database you can start
from scratch by removing the entire database directory, i.e.
- rm -rf ~/.paraslash/afs_database-0.4
+ rm -rf ~/.paraslash/afs_database-0.7
Be aware that this removes all attribute definitions, all playlists
and all mood definitions and requires to re-initialize the tables.
- Don't leave whitespace at the end of lines.
- The limit on the length of lines is 80 columns.
- Use K&R style for placing braces and spaces:
-
+ <pre>
if (x is true) {
we do y
}
-
+ </pre>
- Use a space after (most) keywords.
- Do not add spaces around (inside) parenthesized expressions.
- Use one space around (on each side of) most binary and ternary operators.
projects / paraslash.git / commitdiff