GNU Anastasis v0.1.0 released

[Christian Grothoff]

Dear all,

I'm happy to announce the first public (alpha) v0.1.0 release of GNU
Anastasis.  GNU Anastasis is a privacy-preserving distributed key
backup and recovery solution. You can use it to distribute key material
across multiple providers and recover your keys by authenticating with
each provider to obtain the key shares. The providers learn nothing
about you in this process, except during recovery when they learn the
minimum amount of information required to authenticate you depending on
the chosen authentication method.

Users can freely choose authentication methods, Anastasis providers and
which combination(s) of providers and authentication methods will be
sufficient to recover the key material.

GNU Anastasis will initially ask you for country-specific highly
personal information. This information will not leave your computer! It
is used as the input into a cryptographic hash function and generates a
unique value that is used to encrypt your recovery policy before it is
uploaded to the Anastasis providers.

GNU Anastasis currently has the following key features:

- Authentication via SMS, postal mail, E-mail, security question
  or SEPA wire transfer from a designated bank account
- Integrated support to anonymously pay Anastasis providers using
  GNU Taler
- Gtk+ graphical user interface with the ability to suspend and
  resume recovery processes (while you wait for your mail to arrive)

We encourage you to try out GNU Anastasis, but please be aware of the
following limitations:

- Currently, only two public providers are operational, and you
  must select "Demoland" on "Testcontinent" and pay with "KUDOS" to
  get them (right now, they are configured to be free of charge).
  In "Demoland", you do not have a social security number, but a
  prime number. Pick your own (ideally unique) prime ;-).
  We do not claim that these services are stable for serious backups.
- SEPA wire transfer authentication is offline until we finish the
  necessary steps with a bank.
- Postal mail is offline due to the associated cost until GNU Taler
  payments are operational. SMS may be taken offline if it becomes
  expensive ;-).

Also, we can still use some help to put GNU Anastasis into production:

- The lists of country-specific questions we ask about individuals
  should be reviewed. Are there other answers users could give that
  a) they cannot forget (so asking this does not harm availability),
  b) have high entropy (so they add much security),
  c) are ideally private information only few people have access to, and
  d) are not used in one of the authentication processes?
  Also, the list of countries supported right now is still quite short,
  so help with adding more would be very welcome!
- We're looking for additional trustworthy organizations that are
  willing to run reliable Anastasis providers to enable users to
  distribute their secrets across more countries and continents.


You can download GNU Anastasis from:

* All GNU FTP mirrors         ftp://ftpmirror.gnu.org/gnu/anastasis/
* Our Git repository is at                    https://git.taler.net/

Please report bugs to our bugtracker at   https://bugs.anastasis.lu/

An introduction can be found at      http://www.gnu.org/s/anastasis/
Additional documentation  is at           https://docs.anastasis.lu/
Our corporate Web site is at                   https://anastasis.lu/
The mailinglist is https://lists.gnu.org/mailman/listinfo/anastasis/

This project has received funding from the European Union’s Horizon 2020
research and innovation programme within the framework of the LEDGER
Project funded under grant agreement No 825268.


Happy hacking!

Christian

signature.asc
Description: OpenPGP digital signature