Encryption

Shachar Shemesh rsync at shemesh.biz
Fri May 13 12:32:39 GMT 2005 

Gary Holzer wrote:

>Hi All,
>
>I am using rsync to backup our office server to our Internet server (RHE).
>As an association for doctors we are looking at providing  a backup service
>for their practices using rsync. As it would be patient data it would need
>to be encrypted. I have found a few options, namely
>
>esync
>wurt
>rsyncrypto
>
>Does anyone have experience with the above and perhaps like to recommend
>one? On the client side we are on Windows boxes using cygwin.
>
>Thanks
>  
>
I am (as you know) the maintainer for rsyncrypto. I looked a little into 
esync (a while back, I'm not sure I fully remember the differences, 
though). I have no idea what wurt is, so a link would be greatly 
appreciated.

The main difference between rsyncrypto and esync is in the amount of 
state information stored between operations. With rsyncrypto, this is a 
mere 52 bytes, containing the initial value for the CBC, the symmetric 
encryption key for the file, as well as three parameters used to 
determine CBC resets. This information is enough to make a repeated 
encryption of the same file (modified or not) identical enough to the 
original that rsync will manage to pick up just the differences.  This 
52 byte file is fully recoverable from the encrypted file, if you have 
the assymetric private key.

Esync, assuming I understood it correctly, actually requires keeping 
around enough information about the properties of the reset points (it 
uses a completely different algorithm). On first reading the esync 
algorithm sounded like one having a cryptographic weakness, but:
1. It was a long time ago, and I don't remember the details.
2. On second reading I remember thinking that the hole was plugged after 
all, at the expense of performance.
3. I cannot be said to be impartial, being as I maintain a "competing" 
technology.

Also with esync:
- You need a custom version of rsync on both ends.
- May be relevant for you - there is no Debian package :-)

Bear in mind that any manipulation to an encryption system to make it 
rsync friendly means that we are weakening it. This is obviously true 
for rsyncrypto too. Myself, I'm fairly confident that the weakening is 
nothing to be worried about, but do bear that in mind. This is stepping 
off the trodden path, a cryptographic risk, in exchange for better 
network performance.

As for experience, rsyncrypto is part of a commercial backup service my 
company is running, so you can say I have some experience with it, yes :-).

             Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html

More information about the rsync mailing list