[clug] Neat Backup Solutions for desktops...
Daniel Pittman
daniel at rimspace.net
Mon Dec 7 20:28:59 MST 2009
"Alastair D'Silva" <alastair at newmillennium.net.au> writes:

> One problem with streaming encryption is that if you have any data
> corruption, data from that point on is lost.

Most of the encrypting done via a pipe is "streaming" only by choice, because
you selected an inappropriate feedback mode. You could use a mode like ECB
that trades off some types of security in return for per-block protection.

Alternately, you could use CBC, resulting in a single damaged encryption block
causing two invalid plain-text blocks on output; given that a block is
typically 64 to 128 bits, you are looking at a single-bit flip resulting in
less than 32 bytes of damage to the content...

More details here:
http://en.wikipedia.org/wiki/Cipher_block_chaining#Integrity_protection_and_error_propagation

> A better choice is to use per-block encryption, such as the hardware
> encryption in modern tape drives. In this scenario, the integrity of a block
> does not affect subsequent blocks.

This, of course, being an implementation of something along the same lines.

Daniel

When doing archive encryption / compression I liked the afio model, in which
each contained file was encrypted or compressed *before* it went into the
container, not after, transparently. Not that this is easy to integrate with
anything else, but such is life.
--
✣ Daniel Pittman ✉ daniel at rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
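
The CBC error propagation discussed in the message above, as an added example that is not part of the original post: one ciphertext bit is flipped and the damaged plaintext blocks are counted after decryption. The block cipher is a hash-based Feistel stand-in (an assumption, chosen so that only the standard library is needed; it is not a secure cipher), and the key, IV and plaintext are constructed sample values; the propagation behaviour comes from the CBC chaining, not from the cipher.

```python
import hashlib

BLOCK = 16  # bytes: a 128-bit block, the upper figure mentioned in the post

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of the stand-in Feistel cipher (illustration only).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, blk):
    left, right = blk[:8], blk[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key, blk):
    left, right = blk[:8], blk[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def cbc_encrypt(key, iv, pt):
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        cur = ct[i:i + BLOCK]
        out += _xor(decrypt_block(key, cur), prev)  # chained on the previous ciphertext block
        prev = cur
    return out

def damage_after_bit_flip(bit, nblocks=8):
    """Flip one ciphertext bit; return (damaged block indexes, damaged byte count)."""
    key, iv = b"constructed-key", bytes(BLOCK)   # constructed sample values
    pt = bytes(range(nblocks * BLOCK))           # constructed sample plaintext
    ct = bytearray(cbc_encrypt(key, iv, pt))
    ct[bit // 8] ^= 1 << (bit % 8)
    got = cbc_decrypt(key, iv, bytes(ct))
    blocks = sorted({i // BLOCK for i in range(len(pt)) if got[i] != pt[i]})
    return blocks, sum(a != b for a, b in zip(got, pt))
```

A flip inside ciphertext block 3 garbles plaintext block 3 and changes exactly one bit of block 4; every later block decrypts cleanly, and a flip in the final block damages only that block.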