path: root/tickets/cb75a21b4a874f86ba49e06ae8d887fc/Maildir/new/1466549105.M218669P15702Q1.hrun
blob: ca1afe931fc939ee30cefe5df0cb00c3c5f5705e (plain)
Return-Path: <obnam-dev-bounces@obnam.org>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from bagpuss.pepperfish.net (bagpuss.pepperfish.net [148.251.8.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pieni.net (Postfix) with ESMTPS id DC1372122D
	for <distix@pieni.net>; Wed, 22 Jun 2016 00:43:51 +0200 (CEST)
Received: from platypus.pepperfish.net (unknown [10.112.100.20])
	by bagpuss.pepperfish.net (Postfix) with ESMTP id 6E209CBE;
	Tue, 21 Jun 2016 23:43:51 +0100 (BST)
Received: from ip6-localhost ([::1] helo=platypus.pepperfish.net)
	by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
	id 1bFUOd-0002uQ-8h; Tue, 21 Jun 2016 23:43:51 +0100
Received: from inmail0 ([10.112.100.10] helo=mx0.pepperfish.net)
 by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
 id 1bFUOb-0002u7-N5
 for <obnam-dev@obnam.org>; Tue, 21 Jun 2016 23:43:49 +0100
Received: from smtp.gentoo.org ([140.211.166.183])
 by mx0.pepperfish.net with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
 (Exim 4.80) (envelope-from <robbat2@gentoo.org>) id 1bFUOY-0006Mu-4A
 for obnam-dev@obnam.org; Tue, 21 Jun 2016 23:43:49 +0100
Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by smtp.gentoo.org (Postfix) with ESMTPS id D0ED2340813
 for <obnam-dev@obnam.org>; Tue, 21 Jun 2016 22:43:29 +0000 (UTC)
Received: (qmail 6771 invoked by uid 10000); 21 Jun 2016 22:43:30 -0000
Date: Tue, 21 Jun 2016 22:43:29 +0000
From: "Robin H. Johnson" <robbat2@gentoo.org>
To: obnam-support@obnam.org, obnam-dev@obnam.org
Message-ID: <robbat2-20160621T214546-798847087Z@orbis-terrarum.net>
References: <20160619083904.GA18768@orbis-terrarum.net>
 <bfb55cce-243c-2d4a-4dfe-3600fed3237a@antipoul.fr>
MIME-Version: 1.0
In-Reply-To: <bfb55cce-243c-2d4a-4dfe-3600fed3237a@antipoul.fr>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -9.8
X-Spam-Score-int: -97
X-Spam-Bar: ---------
X-Scanned-By: pepperfish.net, Tue, 21 Jun 2016 23:43:49 +0100
X-Spam-Report: Content analysis details: (-9.8 points)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 PPF_USER_AGENT_MUTT    User-Agent: contains Mutt (Mutt isn't a spam
 tool) -0.5 PPF_USER_AGENT         User-Agent: exists
 -5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at http://www.dnswl.org/, high
 trust [140.211.166.183 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-ACL-Warn: message may be spam
X-Scan-Signature: 87e18d81b9e4f41a85b0d3590907fca5
Subject: Re: [1/2] GPG & performance: a deep-dive
X-BeenThere: obnam-dev@obnam.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: obnam-support@obnam.org, obnam-dev@obnam.org
List-Id: Obnam development discussions <obnam-dev-obnam.org>
List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
 <mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
List-Post: <mailto:obnam-dev@obnam.org>
List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
 <mailto:obnam-dev-request@obnam.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============4727345661079074573=="
Mime-version: 1.0
Sender: obnam-dev-bounces@obnam.org
Errors-To: obnam-dev-bounces@obnam.org


--===============4727345661079074573==
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="2WS97oupGEGbYNpW"
Content-Disposition: inline


--2WS97oupGEGbYNpW
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jun 19, 2016 at 10:53:37PM +0200, Adrien CLERC wrote:
> On 19/06/2016 at 10:39, Robin H. Johnson wrote:
> > - Plan for moving to PyCrypto or other for symmetric crypto
> I totally understand the goal, and can only support you. However,
> PyCrypto is not compatible with PyPy, as 'Cryptography' is. That's why
> paramiko did the switch recently (http://www.paramiko.org/changelog.html).
> Based on https://github.com/paramiko/paramiko/pull/394 it seems that the
> switch is better on every aspect. Do you have the time to inspect this
> solution?
If you look at email 2/2, the big concern isn't which toolkit we pick,
but that the data can be linked to the correct toolkit when it comes
time to decrypt it later, and that old chunks are also still correctly
handled.

I have used Cryptography.io elsewhere, and it was on par with PyCrypto
performance for what I was doing, but I didn't benchmark heavily.

At that point, with files including a header that describes how we need
to handle them, encryption.py can become an interface, and we can
implement many variations.

Example variations:
1. Pure GPG (present state)
2. GPG for asymmetric, PyCrypto/Cryptography.io/PyNaCl for symmetric
3. Pure PyCrypto/Cryptography.io/PyNaCl
4. Upgrade path variations - Read ANY, write Y

#2 would be a trivial upgrade for existing repos: just upgrade all of
your clients and enable it. Old chunks would continue to be encrypted
with GPG, and still readable, while new chunks are generated much
faster.

If you don't care about the above, you can have a PyCrypto or
Cryptography.io implementation tomorrow, but recovering your data in
future disasters will be much more painful.

--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

--2WS97oupGEGbYNpW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature


--2WS97oupGEGbYNpW--


--===============4727345661079074573==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
obnam-dev mailing list
obnam-dev@obnam.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org

--===============4727345661079074573==--
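
The header-tagged chunk design described in the message above, as an added sketch that is not part of the original e-mail or of Obnam's code: each new chunk carries a marker and scheme id, headerless chunks are routed to the legacy GPG backend, and a client reads any registered scheme while writing only one. `MAGIC`, the scheme ids, `Backend` and `ChunkCrypto` are hypothetical names, and the backends are reversible stand-ins rather than real ciphers.

```python
import hashlib

MAGIC = b"OBCH"  # hypothetical marker, not Obnam's real on-disk format

def _standin(label):
    """Reversible stand-in transform (NOT real cryptography) for the demo."""
    def transform(key, data):
        pad, ctr = b"", 0
        while len(pad) < len(data):
            pad += hashlib.sha256(label + key + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        return bytes(a ^ b for a, b in zip(data, pad))
    return transform

class Backend:
    """One variation: a scheme id plus its encrypt/decrypt pair."""
    def __init__(self, scheme_id, label):
        self.scheme_id = scheme_id
        self.encrypt = self.decrypt = _standin(label)

GPG = Backend(0, b"gpg")        # stands in for the existing gpg call
SYMMETRIC = Backend(1, b"sym")  # stands in for a library cipher

class ChunkCrypto:
    """Read any registered scheme, write only `writer` ("Read ANY, write Y")."""
    def __init__(self, writer, readers):
        self.writer = writer
        self.readers = {b.scheme_id: b for b in readers}

    def seal(self, key, plaintext):
        header = MAGIC + bytes([self.writer.scheme_id])
        return header + self.writer.encrypt(key, plaintext)

    def open(self, key, blob):
        if blob.startswith(MAGIC):
            if len(blob) == len(MAGIC):
                raise ValueError("truncated chunk header")
            scheme, body = blob[len(MAGIC)], blob[len(MAGIC) + 1:]
        else:
            # Headerless chunk predates the header: treat it as legacy GPG.
            # Binary OpenPGP packets set the top bit of byte 0, so an ASCII
            # MAGIC cannot be mistaken for the start of one.
            scheme, body = GPG.scheme_id, blob
        backend = self.readers.get(scheme)
        if backend is None:
            raise ValueError("no backend for chunk scheme %d" % scheme)
        return backend.decrypt(key, body)
```

With a real authenticated cipher behind a backend, the header bytes should be included in the authenticated data so the scheme id cannot be altered without detection.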