[clug] Neat Backup Solutions for desktops...

Daniel Pittman daniel at rimspace.net
Mon Dec 7 20:28:59 MST 2009

"Alastair D'Silva" <alastair at newmillennium.net.au> writes:

> One problem with streaming encryption is that if you have any data
> corruption, data from that point on is lost.

Most of the encrypting done via a pipe is "streaming" only by choice, because
you selected an inappropriate feedback mode.  You could use a mode like ECB
that trades off some types of security in return for per-block protection.

Alternately, you could use CBC, resulting in a single damaged encryption block
causing two invalid plain-text blocks on output; given that a block is
typically 64 to 128 bits, you are looking at a single-bit flip resulting in
less than 32 bytes of damage to the content...

More details here:

> A better choice is to use per-block encryption, such as the hardware
> encryption in modern tape drives. In this scenario, the integrity of a block
> does not affect subsequent blocks.

This, of course, being an implementation of something along the same lines.


When doing archive encryption / compression I liked the afio model, in which
each contained file was encrypted or compressed *before* it went into the
container, not after, transparently.  Not that this is easy to integrate with
anything else, but such is life.

✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons

More information about the linux mailing list