Strong encryption

'jw schultz' jw at pegasys.ws
Wed Jun 5 03:38:02 EST 2002 

On Wed, Jun 05, 2002 at 12:21:18PM +0200, C.Zimmermann wrote:
> > 
> > If you want them stored on the destination encrypted you
> 
> Yes, that´s it. The owner of the source files will be sure, that no one
> else can read his files on the destination host.
> 
> I thought, rsync only looks at the modification date of a file and
> decides whether to backup this file or not. In this case, the backup
> could be stored  encrypted.

Rsync can handle encrypted files just fine.  It just treats
them as ordinary binary files.  If the owner of the files
encrypts them on the source they will be encrypted on the
destination.

As you have said rsync normally just looks at the
modification date for deciding whether to update the
destination (unless you use the -c option)  But, unless the
-w option is used rsync will use some rather clever (nod to
rsync developers) methods to transfer only the changed the
parts of changed files.  It is this feature that gives rsync
its speed.  My comments below are to advise you that that
clever feature is nullified by encrypted files.  In fact for
encrypted files rsync would be sub-optimal.  If most/all of
the changed files are encrypted i would use the -w option.

Enjoy

> 
> Bye Clemens
> 
> 
> 
> 
> > will need to keep them encrypted on the source.  Rsync won't
> > be able to compare an encrypted (cyphertext) file with an 
> > unencrypted (plaintext) one.  For rsync to support encryption 
> > it would need to be able to decrypt your files and that would 
> > be very insecure.
> > 
> > If you keep the files encrypted on the source and
> > destination you might as well use the rsync -w option
> > because for encryption to be effective it truly does need to 
> > randomize the data rendering the special efficencies of rsync 
> > moot.  Additionally, for the class of cyphers you mention to 
> > be secure they need long keys that change frequently and are 
> > best generated randomly and then encrypted using even more 
> > secure cyphers.  This randomness assures that no file will be 
> > encrypted to the same cyphertext twice.
> > 
> > Sorry if i bowled you over on the cyphertext files issues. 
> > Hopefully all you needed was a pointer to secure 
> > transmission.  If not, a coherent description of why the need 
> > for encryption may help us find a way to meet your needs.
> > 
> > -- 
> > ________________________________________________________________
> > 	J.W. Schultz            Pegasystems Technologies
> > 	email address:		jw at pegasys.ws
> > 
> > 		Remember Cernan and Schmitt
> > 
> > 
> 
> 
> --
> To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
> Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html

-- 
________________________________________________________________
	J.W. Schultz            Pegasystems Technologies
	email address:		jw at pegasys.ws

		Remember Cernan and Schmitt

More information about the rsync mailing list