
New secret links design and huge speed ups

ianopolous released this 30 Jul 14:31
· 187 commits to master since this release

A brand new and much better design for secret links. Previous secret links were pure capabilities in the URL, which meant revoking one required rotating all the affected keys, an expensive operation. They were also very long, e.g. https://peergos.net/#%7B%22secretLink%22:true%2c%22link%22:%22#6MDZhRRPT4ugkJuUfcWtaZodN5QYzkZKJtHpDHomFJrVhNSZysiFYimpgtcA2F/6MDZhRRPT4ugkJuUfcRzRbPpFimcBNJx2N9TJDnL4W3ETYhwdsWdvgCkXkwipF/FCYSFhpQ1xD2cydr6CFQ6UwFkgB82pWReAUzKVDxe4KA/5Pf7SvCG1mMtui2aPd9F3SH2wdwsPro1GxTa7VfxkWrj9XQGAUB%22%2c%22open%22:true%2c%22path%22:%22/demo/%22%7D

The new secret links require the assistance of your home server (or a mirror). The capability that previously sat in the URL is now encrypted and stored in a new champ on the identity writer's data. A new server API looks up a secret link and returns the ciphertext, which is then decrypted locally using the hash in the URL and, optionally, an additional password supplied by the user.

This means the URLs can be much shorter (about 4x), e.g. https://your-domain/secret/z59vuwzfFDoy1Mya69m7j1nZHL7hH4yLpAN7qKQusEUREveNVJifs9R/1368969#cWNWXq9jPahK

The new champ includes the mirror bat in its root block, so the champ itself is not public: the number of secret links you have is revealed to no one but your server and its mirrors.

Because the server is involved, it can enforce expiry times or n-use links. Revoking a link is instant, because you only need to delete its mapping from the champ. We also allow writable secret links, with a suitable warning that holders of the link could fill your space quota (until we implement subquotas). Links can also have additional password protection.

If you migrate to another server, your links come with you and all pre-existing secret links will continue to work. There is no limit to the number of links you can create, because they are just normal blocks that contribute to your space usage.

The password-based encryption on each link is designed to take 100 years to brute force with 1,000,000 GPUs, each of which can do 1M scrypt hashes per second.

Uploading small files has been optimised by uploading cbor blocks and raw blocks concurrently rather than in two steps, and by grouping small raw blocks and writing them directly to the Peergos server rather than to S3 in the direct-S3 case.

This is so beneficial because direct S3 uploads from the browser are constrained by HTTP/1.1, which limits us to 5 blocks in flight at once over the 5 connections the browser provides.

Features:

  • new secret links design with:
    • expiring secret links
    • n-use secret links
    • password protected secret links
    • writable secret links
    • instant revocation
    • supported when migrating server
  • mkdir in shell CLI
  • fullscreen support in html browser
  • support large file streaming in apps
  • double click to open in any installed app
  • open json files in text editor
  • move built-in tasks app to an installable app
  • ebook reader app
  • support downloading all your data in a single zip file
  • ease installation of recommended apps supporting a given file type

Optimisations:

  • Local S3 small block buffer (50x faster small writes)
  • 10x faster signing and signature verification (use webcrypto Ed25519 when present)
  • 2-3x faster bulk small file/folder upload
  • 20% faster large file upload
  • cache profile pictures in newsfeed

Fixes:

  • support wasm mimetype
  • fix failed uploads in a different writing space
  • fix an edge case in revoking write access
  • Support general mimetypes in the gateway for public websites

Mirrored at https://peergos.net/public/peergos/releases

Release commit:
web-ui/3ef5e383e9fe01ee2710b13ab15b7e733bae5e52