From 88b01c18177ffa0632c140760d9a037be4a7757a Mon Sep 17 00:00:00 2001 From: distix ticketing system Date: Tue, 4 Jul 2017 06:50:50 +0000 Subject: imported mails --- .../Maildir/new/1499151049.M494914P13007Q1.koom | 133 +++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom (limited to 'tickets') diff --git a/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom new file mode 100644 index 0000000..853f760 --- /dev/null +++ b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499151049.M494914P13007Q1.koom @@ -0,0 +1,133 @@ +Return-Path: +X-Original-To: distix@pieni.net +Delivered-To: distix@pieni.net +Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221]) + by pieni.net (Postfix) with ESMTPS id 9BCE344F74 + for ; Tue, 4 Jul 2017 06:41:44 +0000 (UTC) +Received: from platypus.pepperfish.net (unknown [10.112.101.20]) + by yaffle.pepperfish.net (Postfix) with ESMTP id 280E741DDB; + Tue, 4 Jul 2017 07:41:44 +0100 (BST) +Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net) + by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) + id 1dSHWq-0006lz-41; Tue, 04 Jul 2017 07:41:44 +0100 +Received: from [10.112.101.21] (helo=inmail2.pepperfish.net) + by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian)) + id 1dSHWp-0006lo-9F + for ; Tue, 04 Jul 2017 07:41:43 +0100 +Received: from relay2-d.mail.gandi.net ([217.70.183.194]) + by inmail2.pepperfish.net with esmtps + (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) + (envelope-from ) id 1dSHWn-0006UJ-9s + for obnam-dev@obnam.org; Tue, 04 Jul 2017 07:41:43 +0100 +Received: from mfilter29-d.gandi.net (mfilter29-d.gandi.net [217.70.178.160]) + by relay2-d.mail.gandi.net (Postfix) with ESMTP id 1E27FC5A63 + for ; Tue, 4 Jul 2017 08:41:35 +0200 (CEST) +X-Virus-Scanned: Debian amavisd-new at mfilter29-d.gandi.net +Received: from relay2-d.mail.gandi.net ([IPv6:::ffff:217.70.183.194]) + by mfilter29-d.gandi.net (mfilter29-d.gandi.net [::ffff:10.0.15.180]) + (amavisd-new, port 10024) + with ESMTP id fSOWi2gJob0Y for ; + Tue, 4 Jul 2017 08:41:33 +0200 (CEST) +X-Originating-IP: 74.125.82.48 +Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com [74.125.82.48]) + (Authenticated sender: hsivonen@hsivonen.fi) + by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id AE6D4C5A69 + for ; Tue, 4 Jul 2017 08:41:33 +0200 (CEST) +Received: by mail-wm0-f48.google.com with SMTP id w126so185943047wme.0 + for ; Mon, 03 Jul 2017 23:41:33 -0700 (PDT) +X-Gm-Message-State: AKS2vOxsvIADdUoe0N7VVv17hCFgs3X/BW829tCeulK29Ofjtm/Yot5D + CBMeYwcO4xe8yOX6gEs/FYLfbbmMSg== +X-Received: by 10.80.173.85 with SMTP id z21mr17616844edc.10.1499150493195; + Mon, 03 Jul 2017 23:41:33 -0700 (PDT) +MIME-Version: 1.0 +Received: by 10.80.137.150 with HTTP; Mon, 3 Jul 2017 23:41:32 -0700 (PDT) +In-Reply-To: +References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de> + + +From: Henri Sivonen +Date: Tue, 4 Jul 2017 09:41:32 +0300 +X-Gmail-Original-Message-ID: +Message-ID: +To: Wladimir Palant +Content-Type: text/plain; charset="UTF-8" +X-Pepperfish-Transaction: b48f-cc43-c640-3b98 +X-Spam-Score: -2.1 +X-Spam-Score-int: -20 +X-Spam-Bar: -- +X-Scanned-By: pepperfish.net, Tue, 04 Jul 2017 07:41:43 +0100 +X-Spam-Report: Content analysis details: (-2.1 points) + pts rule name description + ---- ---------------------- -------------------------------------------------- + 0.5 PPF_RECEIVED_HTTP Received header mentions http + -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) + [217.70.183.194 listed in wl.mailspike.net] + -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% + [score: 0.0000] + -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low + trust [217.70.183.194 listed in list.dnswl.org] + -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders +X-ACL-Warn: message may be spam +X-Scan-Signature: 5c9ebe5549acf97681f6c358f7c1c00a +Cc: obnam-dev@obnam.org +Subject: Re: [rfc] Passphrase-based encryption +X-BeenThere: obnam-dev@obnam.org +X-Mailman-Version: 2.1.5 +Precedence: list +List-Id: Obnam development discussions +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +Sender: obnam-dev-bounces@obnam.org +Errors-To: obnam-dev-bounces@obnam.org + +On Mon, Jul 3, 2017 at 10:16 PM, Wladimir Palant wrote: +> On 03.07.2017 20:29, Henri Sivonen wrote: +>> Probably more important that letting users tweak the key size is to +>> make sure that the AEAD construction is good and suitable for use with +>> a randomly-generated nonce for the amount of data one would expect to +>> encrypt using Obnam. I don't know if CFB fits this, but +>> XSalsa20+Poly1305 or XChaCha20+Poly1305 should (the non-X variants of +>> Salsa20 and ChaCha20 *don't*). +> +> +> CFB uses initialization vectors (randomly generated for each file in my +> case) which I think serve a similar purpose. But I'm not really familiar +> with either Salsa20 or ChaCha20 so I would be grateful if you could expand. +> What kind of issues is this about? + +If the nonce has too few bits, the probability of nonce reuse is more +than negligible for randomly-generated nonces. The X in XSalsa20 and +XChaCha20 stands for eXtended nonce: A nonce that's long enough that +the probability of nonce reuse with randomly-generated nonces is +considered negligible. XSalsa20 uses a 192-bit nonce. Salsa20 uses a +64-bit nonce. + +A 192-bit nonce is considered long enough in order for it to be OK to +generate the nonce simply by pulling the bits out of a random number +generator while a 64-bit nonce is too short for that to be OK. I now +fail to find a good paper that would explain why 192 bits is +considered enough and how bad 128-bit nonces are, but it is a matter +of probability. (I can't recall how the probability threshold for +"negligible" is chosen.) + +> Are you implying that these algorithms +> would be better performance-wise? + +At least ChaCha20 outperforms AES in the absence of hardware support +for AES (such as Intel AES-NI). +https://www.imperialviolet.org/2013/10/07/chacha20.html + +-- +Henri Sivonen +hsivonen@hsivonen.fi +https://hsivonen.fi/ + +_______________________________________________ +obnam-dev mailing list +obnam-dev@obnam.org +http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org -- cgit v1.2.1