Re: Some questions about rsyncrypto
From: Shachar S. <rsy...@sh...> - 2005-07-30 06:47:20
Michal 'hramrach' Suchanek wrote:

>This plus the explanation below makes me believe it could work. Testing
>with a small 26M file shows it works which is great :)
>
>
>The fact that some parts of ciphertext are the same (and reflect
>similarities in the plaintext) does not sound too dangerous to me.
>
>But revealing the names of the files and their length could be a
>problem.
>
>

Actually, next version will solve that problem. We'll rename files when we encrypt them, and keep an (encrypted) file with the translation. This will also back up other meta data (permission, special files, links etc.).

The only information not encrypted will be the file's last modified time, and the size. Of course, the size will not be the same as before the encryption, due to compression and overheads, but it is still a quantity that cannot be said to be through a proper encryption algorithm.

>So I would rather get a solution where the files are split in blocks and
>stuffed into some block pool on the remote side.
>

I'm not sure I trust myself to perform block splitting at this time. This method also doesn't work well with rsync.

> Which probably means I
>could not use standard rsync. I need to be able to get some blocks
>unconditionally (those which describe the pool layout) and rsync others
>(and they would have to be concatenated before syncing to get anything
>efficient).
>
>

Which means that the remote side has to know which blocks go with which. That effectively eliminates all of the advantages you gained from the splitting.

>Also I was thinking I could use something like ext2 filesystem to store
>the blocks but there is a problem with the inodes. If I simply encrypted
>them it would enlarge them and the whole thing would not fit together.
>On the other hand, I can just append some garbage to the data blocks
>so that everything is the same size.
>
>

You're going the wrong way, I think.

Anything that requires the site storing the encrypted file to know how things are pieced together may just as well not be done at all. If the remote site needs to know which block comes before which, we might as well not split into blocks at all.

>Thanks
>
>Michal Suchanek
>
>

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/