summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom133
1 files changed, 133 insertions, 0 deletions
diff --git a/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom
new file mode 100644
index 0000000..853f760
--- /dev/null
+++ b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom
@@ -0,0 +1,133 @@
+Return-Path: <obnam-dev-bounces@obnam.org>
+X-Original-To: distix@pieni.net
+Delivered-To: distix@pieni.net
+Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221])
+ by pieni.net (Postfix) with ESMTPS id 9BCE344F74
+ for <distix@pieni.net>; Tue, 4 Jul 2017 06:41:44 +0000 (UTC)
+Received: from platypus.pepperfish.net (unknown [10.112.101.20])
+ by yaffle.pepperfish.net (Postfix) with ESMTP id 280E741DDB;
+ Tue, 4 Jul 2017 07:41:44 +0100 (BST)
+Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net)
+ by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
+ id 1dSHWq-0006lz-41; Tue, 04 Jul 2017 07:41:44 +0100
+Received: from [10.112.101.21] (helo=inmail2.pepperfish.net)
+ by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian))
+ id 1dSHWp-0006lo-9F
+ for <obnam-dev@obnam.org>; Tue, 04 Jul 2017 07:41:43 +0100
+Received: from relay2-d.mail.gandi.net ([217.70.183.194])
+ by inmail2.pepperfish.net with esmtps
+ (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89)
+ (envelope-from <hsivonen@hsivonen.fi>) id 1dSHWn-0006UJ-9s
+ for obnam-dev@obnam.org; Tue, 04 Jul 2017 07:41:43 +0100
+Received: from mfilter29-d.gandi.net (mfilter29-d.gandi.net [217.70.178.160])
+ by relay2-d.mail.gandi.net (Postfix) with ESMTP id 1E27FC5A63
+ for <obnam-dev@obnam.org>; Tue, 4 Jul 2017 08:41:35 +0200 (CEST)
+X-Virus-Scanned: Debian amavisd-new at mfilter29-d.gandi.net
+Received: from relay2-d.mail.gandi.net ([IPv6:::ffff:217.70.183.194])
+ by mfilter29-d.gandi.net (mfilter29-d.gandi.net [::ffff:10.0.15.180])
+ (amavisd-new, port 10024)
+ with ESMTP id fSOWi2gJob0Y for <obnam-dev@obnam.org>;
+ Tue, 4 Jul 2017 08:41:33 +0200 (CEST)
+X-Originating-IP: 74.125.82.48
+Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com [74.125.82.48])
+ (Authenticated sender: hsivonen@hsivonen.fi)
+ by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id AE6D4C5A69
+ for <obnam-dev@obnam.org>; Tue, 4 Jul 2017 08:41:33 +0200 (CEST)
+Received: by mail-wm0-f48.google.com with SMTP id w126so185943047wme.0
+ for <obnam-dev@obnam.org>; Mon, 03 Jul 2017 23:41:33 -0700 (PDT)
+X-Gm-Message-State: AKS2vOxsvIADdUoe0N7VVv17hCFgs3X/BW829tCeulK29Ofjtm/Yot5D
+ CBMeYwcO4xe8yOX6gEs/FYLfbbmMSg==
+X-Received: by 10.80.173.85 with SMTP id z21mr17616844edc.10.1499150493195;
+ Mon, 03 Jul 2017 23:41:33 -0700 (PDT)
+MIME-Version: 1.0
+Received: by 10.80.137.150 with HTTP; Mon, 3 Jul 2017 23:41:32 -0700 (PDT)
+In-Reply-To: <f1809076-4875-1c34-b321-681ccf1b2071@palant.de>
+References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de>
+ <CAJQvAueazfvt9g2nPsqyuzecJXU0BRVs7hyZoqFBdG3bCmxO+w@mail.gmail.com>
+ <f1809076-4875-1c34-b321-681ccf1b2071@palant.de>
+From: Henri Sivonen <hsivonen@hsivonen.fi>
+Date: Tue, 4 Jul 2017 09:41:32 +0300
+X-Gmail-Original-Message-ID: <CAJQvAuePi1ULTxJJKmwwwSNRn-dRuK0cfjWMqm2nBQDqYxeDzw@mail.gmail.com>
+Message-ID: <CAJQvAuePi1ULTxJJKmwwwSNRn-dRuK0cfjWMqm2nBQDqYxeDzw@mail.gmail.com>
+To: Wladimir Palant <gtiobnam@palant.de>
+Content-Type: text/plain; charset="UTF-8"
+X-Pepperfish-Transaction: b48f-cc43-c640-3b98
+X-Spam-Score: -2.1
+X-Spam-Score-int: -20
+X-Spam-Bar: --
+X-Scanned-By: pepperfish.net, Tue, 04 Jul 2017 07:41:43 +0100
+X-Spam-Report: Content analysis details: (-2.1 points)
+ pts rule name description
+ ---- ---------------------- --------------------------------------------------
+ 0.5 PPF_RECEIVED_HTTP Received header mentions http
+ -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
+ [217.70.183.194 listed in wl.mailspike.net]
+ -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
+ [score: 0.0000]
+ -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
+ trust [217.70.183.194 listed in list.dnswl.org]
+ -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
+X-ACL-Warn: message may be spam
+X-Scan-Signature: 5c9ebe5549acf97681f6c358f7c1c00a
+Cc: obnam-dev@obnam.org
+Subject: Re: [rfc] Passphrase-based encryption
+X-BeenThere: obnam-dev@obnam.org
+X-Mailman-Version: 2.1.5
+Precedence: list
+List-Id: Obnam development discussions <obnam-dev-obnam.org>
+List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
+ <mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
+List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
+List-Post: <mailto:obnam-dev@obnam.org>
+List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
+List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
+ <mailto:obnam-dev-request@obnam.org?subject=subscribe>
+Sender: obnam-dev-bounces@obnam.org
+Errors-To: obnam-dev-bounces@obnam.org
+
+On Mon, Jul 3, 2017 at 10:16 PM, Wladimir Palant <gtiobnam@palant.de> wrote:
+> On 03.07.2017 20:29, Henri Sivonen wrote:
+>> Probably more important that letting users tweak the key size is to
+>> make sure that the AEAD construction is good and suitable for use with
+>> a randomly-generated nonce for the amount of data one would expect to
+>> encrypt using Obnam. I don't know if CFB fits this, but
+>> XSalsa20+Poly1305 or XChaCha20+Poly1305 should (the non-X variants of
+>> Salsa20 and ChaCha20 *don't*).
+>
+>
+> CFB uses initialization vectors (randomly generated for each file in my
+> case) which I think serve a similar purpose. But I'm not really familiar
+> with either Salsa20 or ChaCha20 so I would be grateful if you could expand.
+> What kind of issues is this about?
+
+If the nonce has too few bits, the probability of nonce reuse is more
+than negligible for randomly-generated nonces. The X in XSalsa20 and
+XChaCha20 stands for eXtended nonce: A nonce that's long enough that
+the probability of nonce reuse with randomly-generated nonces is
+considered negligible. XSalsa20 uses a 192-bit nonce. Salsa20 uses a
+64-bit nonce.
+
+A 192-bit nonce is considered long enough in order for it to be OK to
+generate the nonce simply by pulling the bits out of a random number
+generator while a 64-bit nonce is too short for that to be OK. I now
+fail to find a good paper that would explain why 192 bits is
+considered enough and how bad 128-bit nonces are, but it is a matter
+of probability. (I can't recall how the probability threshold for
+"negligible" is chosen.)
+
+> Are you implying that these algorithms
+> would be better performance-wise?
+
+At least ChaCha20 outperforms AES in the absence of hardware support
+for AES (such as Intel AES-NI).
+https://www.imperialviolet.org/2013/10/07/chacha20.html
+
+--
+Henri Sivonen
+hsivonen@hsivonen.fi
+https://hsivonen.fi/
+
+_______________________________________________
+obnam-dev mailing list
+obnam-dev@obnam.org
+http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org