Re: Some questions about rsyncrypto
From: Shachar S. <rsy...@sh...> - 2005-07-21 09:36:03
Michal 'hramrach' Suchanek wrote:

> Hello
>
> First I wonder if rsyncrypto does really solve the problem of syncing
> effectively a file to which a single byte was inserted in the middle.

If we said we do, and you don't believe us, then why would asking again change anything? :-)

> I myself would not hope any software would solve that for encrypted
> files. But I do not understand cryptography and a person who studied it
> already assured me that it is likely possible to solve the problem.

Rsyncrypto will reset the encryption stream back to what it looked like eventually, and so only the area around the inserted byte would have to be resynced. Don't take my word for it, however. Feel free to test it out. We now offer a 50% discount over our usual free of charge price tag for users of rsyncrypto who only want to test it out.

> Second I do not understand why a new key is generated for each file.

Common industry practice.

> Is the encryption so severely weakened that one cannot afford encrypting
> larger amount of data?

No, but if two files started the same, this would show up if they were encrypted using the same key and IV. Since generating a symmetric key is very easy, there is really no reason not to use different keys for different files.

> What about files that are already gigabytes
> or tens of gigabytes long?

If standard CBC were used, then the IV would not repeat itself (unless by chance), which means that the attacker cannot deduce anything from cipher text repetitions. In rsyncrypto things are a little less simple. Long enough (about 16KB after compression, IIRC) repetitions inside the same file will result in repetitions in the cipher text. There is really no way to implement what rsyncrypto is trying to do without having this effect. If this is a major problem for you, I can only suggest that you not use rsyncrypto. If the principle is ok, but you need larger repetition before cipher text patterns appear, use higher "--roll-min" values.

Bear in mind that this will reduce the efficiency of rsync later. Then again, if you are using files gigabytes long, rsync will likely choose rather large blocks to work by, which means that it will not matter much.

> Thanks
>
> Michal Suchanek

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
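
Added example (not part of the original message, and not rsyncrypto's code): a simplified model of the trade-off discussed above, comparing standard CBC with a CBC that restarts from the same IV at plaintext-determined points when one byte is inserted mid-file. The toy Feistel cipher, the rolling-sum trigger, `WINDOW`, `modulus`, the per-run padding and the sample data are all assumptions made for illustration; `roll_min` only mirrors the idea behind the "--roll-min" option mentioned in the message.

```python
import hashlib, hmac, random

BLOCK = 16   # cipher block size in bytes
WINDOW = 32  # plaintext bytes the reset decision looks at (assumed value)

def toy_block_encrypt(key, block):
    """Stand-in block cipher (assumption): 4-round Feistel, HMAC-SHA256 rounds."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc(key, iv, data):
    """Standard CBC over one padded run of plaintext."""
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = toy_block_encrypt(key, mixed)
        out.append(prev)
    return b"".join(out)

def resetting_cbc(key, iv, data, roll_min=64, modulus=512):
    """Restart CBC from the same IV wherever the plaintext itself triggers it."""
    out, start = [], 0
    for pos in range(WINDOW, len(data)):
        # Hypothetical trigger: rolling sum, honoured only after roll_min bytes.
        if pos - start >= roll_min and sum(data[pos - WINDOW:pos]) % modulus == 0:
            out.append(cbc(key, iv, data[start:pos]))
            start = pos
    out.append(cbc(key, iv, data[start:]))
    return b"".join(out)

def changed_span(a, b):
    """Bytes left after stripping the common prefix and suffix of a and b."""
    n = min(len(a), len(b))
    pre = next((i for i in range(n) if a[i] != b[i]), n)
    suf = next((i for i in range(n - pre) if a[-1 - i] != b[-1 - i]), n - pre)
    return max(len(a), len(b)) - pre - suf

def demo():
    rng = random.Random(2005)  # constructed sample data, not a real file
    old = bytes(rng.randrange(256) for _ in range(65536))
    new = old[:30000] + b"X" + old[30000:]  # one byte inserted mid-file
    key, iv = b"k" * 16, bytes(BLOCK)
    return (changed_span(cbc(key, iv, old), cbc(key, iv, new)),
            changed_span(resetting_cbc(key, iv, old), resetting_cbc(key, iv, new)))
```

`demo()` returns the changed ciphertext span for standard CBC and for the resetting variant: the first runs from the insertion point to the end of the file, the second stays confined to the runs around the inserted byte. The same resets are why two long identical stretches of plaintext in one file can yield identical ciphertext in this model.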