[Anastasis] GNU Anastasis v0.2.0 released

[Christian Grothoff]

Dear all,

I'm happy to announce GNU Anastasis v0.2.0.

GNU Anastasis is a privacy-preserving distributed key backup and
recovery solution. You can use it to distribute key material across
multiple providers and recover your keys by authenticating with each
provider to obtain the key shares. The providers learn nothing about you
in this process, except during recovery when they learn the minimum
amount of information required to authenticate you depending on the
chosen authentication method.

Users can freely choose authentication methods, Anastasis providers and
which combination(s) of providers and authentication methods will be
sufficient to recover the key material.

GNU Anastasis will initially ask you for country-specific highly
personal information. This information will not leave your computer! It
is used as the input into a cryptographic hash function and generates a
unique value that is used to encrypt your recovery policy before it is
uploaded to the Anastasis providers.

This release adds:

- Support for TOTP authentication (RFC 6238)
- Privacy policy and terms of service support
- Selection of providers (say to ensure minimum liability insurance)
- various cosmetic improvements

We encourage you to try out GNU Anastasis, but please be aware of the
following limitations:

- Currently, only two public providers are operational, and you
  must select "Demoland" on "Testcontinent" and pay with "KUDOS" to
  get them (right now, they are configured to be free of charge).
  In "Demoland", you do not have a social security number, but a
  prime number. Pick your own (ideally unique) prime ;-).
  We do not claim that these services are stable for serious backups.
- SEPA wire transfer authentication is offline until we finish the
  necessary steps with a bank.
- Postal mail is offline due to the associated cost until GNU Taler
  payments are operational. SMS may be taken offline if it becomes
  expensive ;-).

Also, we can still use some help to put GNU Anastasis into production:

- The lists of country-specific questions we ask about individuals
  should be reviewed. Are there other answers users could give that
  a) they cannot forget (so asking this does not harm availability),
  b) have high entropy (so they add much security),
  c) are ideally private information only few people have access to, and
  d) are not used in one of the authentication processes?
  Also, the list of countries supported right now is still quite short,
  so help with adding more would be very welcome!
- We're looking for additional trustworthy organizations that are
  willing to run reliable Anastasis providers to enable users to
  distribute their secrets across more countries and continents.


You can download GNU Anastasis from:

* All GNU FTP mirrors         ftp://ftpmirror.gnu.org/gnu/anastasis/
* Our Git repository is at                    https://git.taler.net/

Please report bugs to our bugtracker at   https://bugs.anastasis.lu/

An introduction can be found at      http://www.gnu.org/s/anastasis/
Additional documentation  is at           https://docs.anastasis.lu/
Our corporate Web site is at                   https://anastasis.lu/
The mailinglist is https://lists.gnu.org/mailman/listinfo/anastasis/

This project has received funding from the European Union’s Horizon 2020
research and innovation programme within the framework of the LEDGER
Project funded under grant agreement No 825268.


Happy hacking!

Christian

signature.asc
Description: OpenPGP digital signature