1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
Return-Path: <obnam-dev-bounces@obnam.org>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221])
by pieni.net (Postfix) with ESMTPS id 28EED44FD0
for <distix@pieni.net>; Mon, 3 Jul 2017 18:30:07 +0000 (UTC)
Received: from platypus.pepperfish.net (unknown [10.112.101.20])
by yaffle.pepperfish.net (Postfix) with ESMTP id 9E4E441C7E;
Mon, 3 Jul 2017 19:30:06 +0100 (BST)
Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net)
by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
id 1dS66o-0003Eb-K3; Mon, 03 Jul 2017 19:30:06 +0100
Received: from [10.112.101.21] (helo=inmail2.pepperfish.net)
by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian))
id 1dS66n-0003A4-Jv
for <obnam-dev@obnam.org>; Mon, 03 Jul 2017 19:30:05 +0100
Received: from relay4-d.mail.gandi.net ([217.70.183.196])
by inmail2.pepperfish.net with esmtps
(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89)
(envelope-from <hsivonen@hsivonen.fi>) id 1dS66k-0001kK-NI
for obnam-dev@obnam.org; Mon, 03 Jul 2017 19:30:05 +0100
Received: from mfilter20-d.gandi.net (mfilter20-d.gandi.net [217.70.178.148])
by relay4-d.mail.gandi.net (Postfix) with ESMTP id 2137E17209B
for <obnam-dev@obnam.org>; Mon, 3 Jul 2017 20:29:56 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mfilter20-d.gandi.net
Received: from relay4-d.mail.gandi.net ([IPv6:::ffff:217.70.183.196])
by mfilter20-d.gandi.net (mfilter20-d.gandi.net [::ffff:10.0.15.180])
(amavisd-new, port 10024)
with ESMTP id F-YKIDpm6H5u for <obnam-dev@obnam.org>;
Mon, 3 Jul 2017 20:29:54 +0200 (CEST)
X-Originating-IP: 74.125.82.47
Received: from mail-wm0-f47.google.com (mail-wm0-f47.google.com [74.125.82.47])
(Authenticated sender: hsivonen@hsivonen.fi)
by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id B0DD9172095
for <obnam-dev@obnam.org>; Mon, 3 Jul 2017 20:29:54 +0200 (CEST)
Received: by mail-wm0-f47.google.com with SMTP id 62so176405341wmw.1
for <obnam-dev@obnam.org>; Mon, 03 Jul 2017 11:29:54 -0700 (PDT)
X-Gm-Message-State: AKS2vOynxf27cB5pQ1fm3Mfs4hi3tFbPjV3UxEp61//itBDNpw3lYVYX
c0wN4zVwfLz1rQVilYHNwt3186AVlg==
X-Received: by 10.80.138.34 with SMTP id i31mr15963090edi.119.1499106594140;
Mon, 03 Jul 2017 11:29:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.80.137.150 with HTTP; Mon, 3 Jul 2017 11:29:53 -0700 (PDT)
In-Reply-To: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de>
References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de>
From: Henri Sivonen <hsivonen@hsivonen.fi>
Date: Mon, 3 Jul 2017 21:29:53 +0300
X-Gmail-Original-Message-ID: <CAJQvAueazfvt9g2nPsqyuzecJXU0BRVs7hyZoqFBdG3bCmxO+w@mail.gmail.com>
Message-ID: <CAJQvAueazfvt9g2nPsqyuzecJXU0BRVs7hyZoqFBdG3bCmxO+w@mail.gmail.com>
To: Wladimir Palant <gtiobnam@palant.de>
Content-Type: text/plain; charset="UTF-8"
X-Pepperfish-Transaction: c010-696f-a359-f781
X-Spam-Score: -0.6
X-Spam-Score-int: -5
X-Spam-Bar: /
X-Scanned-By: pepperfish.net, Mon, 03 Jul 2017 19:30:05 +0100
X-Spam-Report: Content analysis details: (-0.6 points)
pts rule name description
---- ---------------------- --------------------------------------------------
0.5 PPF_RECEIVED_HTTP Received header mentions http
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[217.70.183.196 listed in wl.mailspike.net]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust [217.70.183.196 listed in list.dnswl.org]
1.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
[74.125.82.47 listed in dnsbl.sorbs.net]
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
X-ACL-Warn: message may be spam
X-Scan-Signature: ac9a687be1135cef12dfc12106e1b84a
Cc: obnam-dev@obnam.org
Subject: Re: [rfc] Passphrase-based encryption
X-BeenThere: obnam-dev@obnam.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Obnam development discussions <obnam-dev-obnam.org>
List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
List-Post: <mailto:obnam-dev@obnam.org>
List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=subscribe>
Sender: obnam-dev-bounces@obnam.org
Errors-To: obnam-dev-bounces@obnam.org
On Mon, Jul 3, 2017 at 1:14 AM, Wladimir Palant <gtiobnam@palant.de> wrote:
> with GPG being great and all that, I'd still prefer having the option to use
> a plain passphrase and AES encryption with obnam.
If you don't need AES specifically, you can find an XSalsa20+Poly1305
implementation at:
https://github.com/hsivonen/obnam/compare/salsa?expand=1
(It was written before libsodium has XChaCha20.)
I haven't had the time to write proper unit tests, benchmarks or docs,
which is why I haven't tried upstreaming it.
> --encryption-algo=aes-128 allowing to specify other key sizes.
Probably more important that letting users tweak the key size is to
make sure that the AEAD construction is good and suitable for use with
a randomly-generated nonce for the amount of data one would expect to
encrypt using Obnam. I don't know if CFB fits this, but
XSalsa20+Poly1305 or XChaCha20+Poly1305 should (the non-X variants of
Salsa20 and ChaCha20 *don't*).
--
Henri Sivonen
hsivonen@hsivonen.fi
https://hsivonen.fi/
_______________________________________________
obnam-dev mailing list
obnam-dev@obnam.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org
|
