RedRoom is powered by the Zenroom crypto VM to bring easy to use yet advanced cryptographic functions in Redis.
This software is in ALPHA stage and published for preview.
The main use-case covered is that of secure password storage using hashes inside username keys and check if password matches.
Future plans and low hanging fruits:
- authenticated private messaging using encrypted PUB/SUB channels with asymmetric keypairs
- brute-force resistant hashing with alternatives to SHA512 that cannot run on GPUs
We are open to more ideas: don't hesitate to show us your interest, it motivates us!
RedRoom is developed and tested on Linux, Windows and Mac OS.
RedRoom runs fine on ARM, i386 and x86_64 CPUs.
The Zenroom crypto engine at the core of RedRoom is portable to:
- native iOS framework
- native Android library
- Javascript and WebAssembly
- Cortex chips
- ... even more targets
All commands provided by Redroom are prefixed with ZENROOM.
or ZENCODE.
ZENROOM.EXEC SCRIPT DESTINATION [ KEYS DATA ]
Execute the contents stored in key SCRIPT
using the Zenroom VM language based on Lua, then stores the result in key DESTINATION
; the execution is passed two arguments, the contents of keys KEYS
and DATA
.
ZENCODE.EXEC ZENCODE DESTINATION [ KEYS DATA ]
Execute the human language instructions stored in the key ZENCODE
using the Zenroom VM, then stores the result in key DESTINATION
; the execution is passed two arguments, the contents of keys KEYS
and DATA
. For more information on the human language used see Zencode: Smart contracts for the English speaker.
ZENROOM.SETPASS USERNAME PASSWORD
Safely stores the string PASSWORD
hashed using SHA512 and KDF inside key USERNAME
(base64 encoded). Username keys will not contain actual password strings, but hashes that are only useful to verify if the password given at a login is correct, using ZENROOM.CHECKPASS
.
The Zenroom code used is: write(ECDH.kdf(HASH.new('sha512'),'%s'):base64())
ZENROOM.CHECKPASS USERNAME PASSWORD
Checks that the key USERNAME
is existing and its contents match the PASSWORD
string when hashed using SHA512 and KDF.
A port of redis-benchmark is provided and builds with target make check
.
Performance of ZENROOM.SETPASS
can be tested with:
./benchmark -t zenroom.setpwd -n 1000 -r 1000
On a fifth gen i5 (2.4GHz) running Redis 5 leads to approximately 222 requests per second, each one executing several SHA512 based KDF iterations on each string.
RedRoom is Copyright (C) 2019 by the Dyne.org foundation
Written and maintained by Denis Roio jaromil@dyne.org and co-designed with Andrea D'Intino
RedRoom is Copyright (c) 2019 by the Dyne.org foundation
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.