Return-Path: X-Original-To: distix@pieni.net Delivered-To: distix@pieni.net Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221]) by pieni.net (Postfix) with ESMTPS id 28EED44FD0 for ; Mon, 3 Jul 2017 18:30:07 +0000 (UTC) Received: from platypus.pepperfish.net (unknown [10.112.101.20]) by yaffle.pepperfish.net (Postfix) with ESMTP id 9E4E441C7E; Mon, 3 Jul 2017 19:30:06 +0100 (BST) Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net) by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) id 1dS66o-0003Eb-K3; Mon, 03 Jul 2017 19:30:06 +0100 Received: from [10.112.101.21] (helo=inmail2.pepperfish.net) by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian)) id 1dS66n-0003A4-Jv for ; Mon, 03 Jul 2017 19:30:05 +0100 Received: from relay4-d.mail.gandi.net ([217.70.183.196]) by inmail2.pepperfish.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1dS66k-0001kK-NI for obnam-dev@obnam.org; Mon, 03 Jul 2017 19:30:05 +0100 Received: from mfilter20-d.gandi.net (mfilter20-d.gandi.net [217.70.178.148]) by relay4-d.mail.gandi.net (Postfix) with ESMTP id 2137E17209B for ; Mon, 3 Jul 2017 20:29:56 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mfilter20-d.gandi.net Received: from relay4-d.mail.gandi.net ([IPv6:::ffff:217.70.183.196]) by mfilter20-d.gandi.net (mfilter20-d.gandi.net [::ffff:10.0.15.180]) (amavisd-new, port 10024) with ESMTP id F-YKIDpm6H5u for ; Mon, 3 Jul 2017 20:29:54 +0200 (CEST) X-Originating-IP: 74.125.82.47 Received: from mail-wm0-f47.google.com (mail-wm0-f47.google.com [74.125.82.47]) (Authenticated sender: hsivonen@hsivonen.fi) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id B0DD9172095 for ; Mon, 3 Jul 2017 20:29:54 +0200 (CEST) Received: by mail-wm0-f47.google.com with SMTP id 62so176405341wmw.1 for ; Mon, 03 Jul 2017 11:29:54 -0700 (PDT) X-Gm-Message-State: AKS2vOynxf27cB5pQ1fm3Mfs4hi3tFbPjV3UxEp61//itBDNpw3lYVYX c0wN4zVwfLz1rQVilYHNwt3186AVlg== X-Received: by 10.80.138.34 with SMTP id i31mr15963090edi.119.1499106594140; Mon, 03 Jul 2017 11:29:54 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.137.150 with HTTP; Mon, 3 Jul 2017 11:29:53 -0700 (PDT) In-Reply-To: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de> References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de> From: Henri Sivonen Date: Mon, 3 Jul 2017 21:29:53 +0300 X-Gmail-Original-Message-ID: Message-ID: To: Wladimir Palant Content-Type: text/plain; charset="UTF-8" X-Pepperfish-Transaction: c010-696f-a359-f781 X-Spam-Score: -0.6 X-Spam-Score-int: -5 X-Spam-Bar: / X-Scanned-By: pepperfish.net, Mon, 03 Jul 2017 19:30:05 +0100 X-Spam-Report: Content analysis details: (-0.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.5 PPF_RECEIVED_HTTP Received header mentions http -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [217.70.183.196 listed in wl.mailspike.net] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [217.70.183.196 listed in list.dnswl.org] 1.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source [74.125.82.47 listed in dnsbl.sorbs.net] -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-ACL-Warn: message may be spam X-Scan-Signature: ac9a687be1135cef12dfc12106e1b84a Cc: obnam-dev@obnam.org Subject: Re: [rfc] Passphrase-based encryption X-BeenThere: obnam-dev@obnam.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Obnam development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: obnam-dev-bounces@obnam.org Errors-To: obnam-dev-bounces@obnam.org On Mon, Jul 3, 2017 at 1:14 AM, Wladimir Palant wrote: > with GPG being great and all that, I'd still prefer having the option to use > a plain passphrase and AES encryption with obnam. If you don't need AES specifically, you can find an XSalsa20+Poly1305 implementation at: https://github.com/hsivonen/obnam/compare/salsa?expand=1 (It was written before libsodium has XChaCha20.) I haven't had the time to write proper unit tests, benchmarks or docs, which is why I haven't tried upstreaming it. > --encryption-algo=aes-128 allowing to specify other key sizes. Probably more important that letting users tweak the key size is to make sure that the AEAD construction is good and suitable for use with a randomly-generated nonce for the amount of data one would expect to encrypt using Obnam. I don't know if CFB fits this, but XSalsa20+Poly1305 or XChaCha20+Poly1305 should (the non-X variants of Salsa20 and ChaCha20 *don't*). -- Henri Sivonen hsivonen@hsivonen.fi https://hsivonen.fi/ _______________________________________________ obnam-dev mailing list obnam-dev@obnam.org http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org