path: root/tickets/3092ee8cdf8e49fda9937a228d0546fd/Maildir/new/1469356805.M124635P32707Q1.hrun
blob: 2bb62358fb17e285e08eb24e7c34c4a5df9efe19 (plain)
Return-Path: <obnam-dev-bounces@obnam.org>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from bagpuss.pepperfish.net (bagpuss.pepperfish.net [148.251.8.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pieni.net (Postfix) with ESMTPS id 5A32420F46
	for <distix@pieni.net>; Sun, 24 Jul 2016 12:35:32 +0200 (CEST)
Received: from platypus.pepperfish.net (unknown [10.112.100.20])
	by bagpuss.pepperfish.net (Postfix) with ESMTP id 9C6D1FD4;
	Sun, 24 Jul 2016 11:35:31 +0100 (BST)
Received: from ip6-localhost ([::1] helo=platypus.pepperfish.net)
	by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
	id 1bRGkt-0005A1-Eo; Sun, 24 Jul 2016 11:35:31 +0100
Received: from inmail0 ([10.112.100.10] helo=mx0.pepperfish.net)
 by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
 id 1bRGkr-00059l-PO
 for <obnam-dev@obnam.org>; Sun, 24 Jul 2016 11:35:29 +0100
Received: from pieni.net ([95.142.166.37] ident=postfix)
 by mx0.pepperfish.net with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
 (Exim 4.80) (envelope-from <liw@liw.fi>) id 1bRGkq-0000Jd-1N
 for obnam-dev@obnam.org; Sun, 24 Jul 2016 11:35:29 +0100
Received: from exolobe3.liw.fi (91-145-75-165.bb.dnainternet.fi
 [91.145.75.165])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by pieni.net (Postfix) with ESMTPSA id 9906820F46;
 Sun, 24 Jul 2016 12:35:21 +0200 (CEST)
Received: from exolobe3 (localhost [127.0.0.1])
 by exolobe3.liw.fi (Postfix) with ESMTPS id E1D541204A4;
 Sun, 24 Jul 2016 13:35:20 +0300 (EEST)
Date: Sun, 24 Jul 2016 13:35:19 +0300
From: Lars Wirzenius <liw@liw.fi>
To: "Robin H. Johnson" <robbat2@gentoo.org>
Message-ID: <20160724103519.GK5765@exolobe3>
References: <robbat2-20160619T083928-020175588Z@orbis-terrarum.net>
 <20160619172717.18445-1-robbat2@gentoo.org>
 <20160619172717.18445-2-robbat2@gentoo.org>
MIME-Version: 1.0
In-Reply-To: <20160619172717.18445-2-robbat2@gentoo.org>
User-Agent: Mutt/1.6.0 (2016-04-01)
X-Spam-Score: -2.9
X-Spam-Score-int: -28
X-Spam-Bar: --
X-Scanned-By: pepperfish.net, Sun, 24 Jul 2016 11:35:29 +0100
X-Spam-Report: Content analysis details: (-2.9 points)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 PPF_USER_AGENT_MUTT    User-Agent: contains Mutt (Mutt isn't a spam
 tool) -0.5 PPF_USER_AGENT         User-Agent: exists
 0.5 PPF_MESSAGEID_NODOTS   Message-Id contains no dots after the @
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-ACL-Warn: message may be spam
X-Scan-Signature: 2e3bad3f765aaee15ae51b4de60cbfd8
Cc: obnam-dev@obnam.org
Subject: Re: [PATCH] encryption: boost GPG performance.
X-BeenThere: obnam-dev@obnam.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Obnam development discussions <obnam-dev-obnam.org>
List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
 <mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
List-Post: <mailto:obnam-dev@obnam.org>
List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
 <mailto:obnam-dev-request@obnam.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2661995853360307077=="
Mime-version: 1.0
Sender: obnam-dev-bounces@obnam.org
Errors-To: obnam-dev-bounces@obnam.org


--===============2661995853360307077==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="GeDkoc8jIzHasOdk"
Content-Disposition: inline


--GeDkoc8jIzHasOdk
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jun 19, 2016 at 10:27:17AM -0700, Robin H. Johnson wrote:
> Boost GPG performance:
> - disabling compression during symmetric encryption.

I'm not sure about this. I was taught many years ago cleartext should
be encrypted before compressed to avoid inadvertent leaking about the
nature of the data.

I understand that it makes encryption happen faster. If you're OK with
any risks related to that, you can configure gpg to not compress. I'm
not OK with making this a unilateral decision for all Obnam users.

Obnam can compress the data itself, of course. However, that's also
going to take time, and I'd really rather not make people accidentally
have a less safe encrypted setup if they forget to turn Obnam
compression on.

> - tuning symmetric key handling.
>=20
> Also adds configuration options symmetric-cipher and symmetric-digest
> for tuning GPG behavior.

I'm afraid I don't want these settings in Obnam. I'd rather users put
them into their gpg.conf. If necessary, they can use Obnam's
--gnupghome setting to use a custom gpg.conf just for Obnam.

If we start adding a setting to Obnam for every GnuPG setting an Obnam
user might want, we'll end up with replicating almost everything in
Obnam. That would be bad.

>  obnamlib/encryption.py                |  38 +++++++++++++++++++++++++----
>  obnamlib/plugins/encryption_plugin.py |  44 ++++++++++++++++++++++++++++=
++----

Without the two changes, nothing about the changes to these files
remains, I'm afraid.

>  test-gpghome/random_seed              | Bin 600 -> 600 bytes
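
Review bot: test-gpghome/random_seed appears in the diffstat as a binary change of unchanged size (600 -> 600 bytes), and nothing in the stated change (compression, symmetric key handling, the two new options) accounts for it. Drop that file from the patch so the commit carries only the intended source changes.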

I assume including changes in random_seed was an accident and that
nothing important changed there.

> +    # cipher and digest are unused with GPG, as the values used to encry=
pt the
> +    # data are stored in the S2K packet data.
> +    # the parameters are here for future interface symmetry.
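
Review bot: unused parameters in a signature (cipher and digest, per the added comment) suggest to callers that they select the algorithm, when the comment itself says the values stored in the S2K packet data decide it. Remove both parameters until something uses them; if they stay, state that they are ignored in the function's docstring rather than in an inline comment, and capitalise "the parameters are here" to match the sentence before it.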

YAGNI.

--=20
Schr=F6dinger's backup hypothesis: the condition of any backup is
undefined until a restore is attempted. -- andrewsh

--GeDkoc8jIzHasOdk
Content-Type: application/pgp-signature; name="signature.asc"


--GeDkoc8jIzHasOdk--


--===============2661995853360307077==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
obnam-dev mailing list
obnam-dev@obnam.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org

--===============2661995853360307077==--
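
The reply above suggests keeping GnuPG tuning in a gpg.conf and, if needed, pointing Obnam at a dedicated directory with its --gnupghome setting. The script below is an added example of that setup, not code from Obnam or from the thread; the function name, its argument order and the AES256/SHA512 defaults are assumptions made for the example, while the gpg.conf option names are GnuPG's own.

```shell
#!/bin/sh
# Added example: a dedicated GnuPG home whose gpg.conf carries the tuning,
# so Obnam itself needs no extra options beyond --gnupghome.

# make_obnam_gnupghome DIR [CIPHER] [DIGEST] [COMPRESS]
# (hypothetical helper; defaults AES256, SHA512 and "default" are assumptions)
# COMPRESS is "default" (leave gpg's compression alone) or "none".
make_obnam_gnupghome() {
    dir=$1
    cipher=${2:-AES256}
    digest=${3:-SHA512}
    compress=${4:-default}
    [ -n "$dir" ] || { echo "usage: make_obnam_gnupghome DIR [CIPHER] [DIGEST] [COMPRESS]" >&2; return 2; }
    # Accept only plain algorithm names so gpg.conf stays well-formed.
    case "$cipher$digest" in
        *[!A-Za-z0-9]*) echo "invalid algorithm name" >&2; return 2 ;;
    esac
    case "$compress" in
        default|none) ;;
        *) echo "COMPRESS must be 'default' or 'none'" >&2; return 2 ;;
    esac
    (
        umask 077                      # nothing here is readable by others
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        cat > "$dir/gpg.conf" <<EOF
# Read only when gpg runs with this directory as its home.
# Cipher and digest for passphrase-based (symmetric) encryption:
s2k-cipher-algo $cipher
s2k-digest-algo $digest
EOF
        chmod 600 "$dir/gpg.conf" || exit 1
        # Opt-in only: skipping gpg's compression is a per-user trade-off.
        if [ "$compress" = none ]; then
            echo "compress-algo none" >> "$dir/gpg.conf"
        fi
    )
}

# gnupghome_is_private DIR: succeeds only if DIR is a directory with mode 700.
gnupghome_is_private() {
    [ -d "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}
```

The keys Obnam is configured to use must also exist in that directory's keyring, since gpg looks up keys in whichever home directory it is given.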