1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
Return-Path: <obnam-dev-bounces@obnam.org>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221])
by pieni.net (Postfix) with ESMTPS id CA9CB42E84
for <distix@pieni.net>; Mon, 3 Jul 2017 19:16:45 +0000 (UTC)
Received: from platypus.pepperfish.net (unknown [10.112.101.20])
by yaffle.pepperfish.net (Postfix) with ESMTP id 9E52D41C86;
Mon, 3 Jul 2017 20:16:45 +0100 (BST)
Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net)
by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
id 1dS6px-0007yu-KM; Mon, 03 Jul 2017 20:16:45 +0100
Received: from [10.112.101.21] (helo=inmail2.pepperfish.net)
by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian))
id 1dS6pw-0007yh-K8
for <obnam-dev@obnam.org>; Mon, 03 Jul 2017 20:16:44 +0100
Received: from palant.de ([88.198.212.187])
by inmail2.pepperfish.net with esmtps
(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89)
(envelope-from <wladimir@palant.de>) id 1dS6pu-0002Hx-Lq
for obnam-dev@obnam.org; Mon, 03 Jul 2017 20:16:44 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=palant.de;
s=dkim201610;
h=Sender:Content-Transfer-Encoding:Content-Type:In-Reply-To:
MIME-Version:Date:Message-ID:From:References:Cc:To:Subject;
bh=z4UU+Ktqsm5fjlAUOptwQSgmee5f6+ofDGLADbelzRU=; b=AHw4xgn8dd8TeBIU4o3A+ByXbQ
wB4GhbdfchRP6oB7xYn72kmFH7H9mOjvQmlJpiJyg27cyYQGXnWJ5y7cq8YF77xovzFnGdmgGq37x
mv0iS2RrKW8Ym6fg4JsT/Rm5Xm6MQ9bxRlAr2hIMGfXm7ez6k7C5E42i0+BuEpKhoaFA=;
To: Henri Sivonen <hsivonen@hsivonen.fi>
References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de>
<CAJQvAueazfvt9g2nPsqyuzecJXU0BRVs7hyZoqFBdG3bCmxO+w@mail.gmail.com>
From: Wladimir Palant <gtiobnam@palant.de>
Message-ID: <f1809076-4875-1c34-b321-681ccf1b2071@palant.de>
Date: Mon, 3 Jul 2017 21:16:35 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <CAJQvAueazfvt9g2nPsqyuzecJXU0BRVs7hyZoqFBdG3bCmxO+w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Pepperfish-Transaction: eb4a-b77a-e0be-350d
X-Spam-Score: -3.5
X-Spam-Score-int: -34
X-Spam-Bar: ---
X-Scanned-By: pepperfish.net, Mon, 03 Jul 2017 20:16:44 +0100
X-Spam-Report: Content analysis details: (-3.5 points)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.5 PPF_USER_AGENT User-Agent: exists
-1.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
X-ACL-Warn: message may be spam
X-Scan-Signature: 909e24a621a695a51ad00ecc17e68015
Cc: obnam-dev@obnam.org
Subject: Re: [rfc] Passphrase-based encryption
X-BeenThere: obnam-dev@obnam.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Obnam development discussions <obnam-dev-obnam.org>
List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
List-Post: <mailto:obnam-dev@obnam.org>
List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=subscribe>
Sender: obnam-dev-bounces@obnam.org
Errors-To: obnam-dev-bounces@obnam.org
On 03.07.2017 20:29, Henri Sivonen wrote:
> If you don't need AES specifically, you can find an XSalsa20+Poly1305
> implementation at:
> https://github.com/hsivonen/obnam/compare/salsa?expand=1
Interesting, thank you for sharing. This is way more advanced than my
quick and dirty plugin of course.
> I haven't had the time to write proper unit tests, benchmarks or docs,
> which is why I haven't tried upstreaming it.
Unfortunately, I assume that the arguments against upstreaming my
solution apply to yours just as well - so even with tests, benchmarks
and docs it won't get accepted.
> Probably more important that letting users tweak the key size is to
> make sure that the AEAD construction is good and suitable for use with
> a randomly-generated nonce for the amount of data one would expect to
> encrypt using Obnam. I don't know if CFB fits this, but
> XSalsa20+Poly1305 or XChaCha20+Poly1305 should (the non-X variants of
> Salsa20 and ChaCha20 *don't*).
CFB uses initialization vectors (randomly generated for each file in my
case) which I think serve a similar purpose. But I'm not really familiar
with either Salsa20 or ChaCha20 so I would be grateful if you could
expand. What kind of issues is this about? Are you implying that these
algorithms would be better performance-wise? I don't really know how
they compare to AES but at least for me the performance is clearly
limited by the uplink and not by the CPU. In other scenarios it could be
completely different of course.
regards
Wladimir
_______________________________________________
obnam-dev mailing list
obnam-dev@obnam.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org
|
