Re: Transparently encrypt repository contents with GPG

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
I am puzzled from the 
http://article.gmane.org/gmane.comp.version-control.git/113221
recommandation of Junio C Hamano , the maintainer of git, to not encrypt
files before pushing them :

Junio C Hamano wrote
> If your "clean" encrypts and "smudge" decrypts, it means you are refusing
> all the benifit git offers.

Junio C Hamano wrote
> the above config may appear to work
*So, does it work or not, or partially ? And if partially, what does not
work ?*

Another issue is the use of the cypher ECB by 
https://github.com/shadowhand/git-encrypt git-encrypt . 
http://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb
Some  argue it is bad (cf also 
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
that ). 

So I made some experiments, tacking a 15Mb pdf :

/$ openssl enc -base64 -aes-256-ecb -S 1762851 -k a5G4juy64VVBgfq4
<Wiley.pdf >WileyE1
$ openssl enc -base64 -aes-256-ecb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
$ md5sum WileyE1
d43058d8443777aea871350245d9865b  WileyE1
$ md5sum WileyE2
d43058d8443777aea871350245d9865b  WileyE2

$ openssl enc -base64 -aes-256-ofb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE1
$ openssl enc -base64 -aes-256-ofb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
503d82849ad53652268d1abdcfbce9de  WileyE1
503d82849ad53652268d1abdcfbce9de  WileyE2

$ openssl enc -base64 -aes-256-cbc -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE1
$ openssl enc -base64 -aes-256-cbc -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
e726431cbd9ff8780946ddfad775600a  WileyE1
e726431cbd9ff8780946ddfad775600a  WileyE2/

*As the hash are identical from one run to another, I don't understand why
we should stick to the ECB cypher.*

Can some one clarify the two points please ?


--
View this message in context: http://git.661346.n2.nabble.com/Transparently-encrypt-repository-contents-with-GPG-tp2470145p7561644.html
Sent from the git mailing list archive at Nabble.com.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]