Encryption

Shachar Shemesh rsync at shemesh.biz
Tue Apr 18 09:33:46 GMT 2006 

Julian Pace Ross wrote:

> Thanks everyone for your feedback.
> Seems to me that Alex explained the issue with this perfectly.

I'm afraid that Alex's explanation does not take into account
rsyncrypto's algorithm. If you encrypt two versions of a file, changed
in the first bit of the file between them, using rsyncrypto, they will
start out totally different. However, some time into the file (between
4KB and 16KB, depending on several factors) the files will resume to be
identical, thus allowing rsync to work on them efficiently.

> I downloaded it and spent a few minutes trying to make it work, but I
> didnt manage yet. (docmentation is a bit terse).

The man page for the latest version has examples designed to get you
started as fast as possible. I'll grant you that there is no easy way to
read the manual page if you are on Windows, though.

> Assuming that it works fine, and that it encrypts only changed files
> (thus addressing to some extent the scalability issue mentioned by
> Alex), this would pretty much solve the problem, assuming that one has
> enough harddisk space on the client side for an encrypted copy of the
> data to be backed up.

Yes, you do need a second copy on the client side. The files are
compressed prior to being encrypted, so it is, hopefully, not as big as
the original.

> However I'm worried that rsyncrypto, although a great idea, is very
> much a work in progress and still shaky... I may be wrong...Anyone
> used it?

Well, I do, obviously (I'm the one who wrote it, after all). I think the
technology is fairly sound at this stage. There are still features I'd
like to see implemented, as well as various optimizations.

Let's put it this way. My company (http://lingnu.com) bases a commercial
backup service on this technology.

> I would be tempted to try and merge the rsyncrypto source within rsync
> and add a command line argument... that would be ideal....oh well just
> a thought...

Others have tried before you. They tried to pipe the rsyncrypto output
to librsync based program that does a pipe rsync. At the moment,
rsyncrypto cannot write the output file in a one pass way, which means
its output cannot be piped. This may be solveable, but I have not gotten
around to it just yet. There are more pressing issues I would like
addressed with it first. Patches are, always, welcome.

> Cheers
> Julian

       Shachar

More information about the rsync mailing list