On Nov 1, 2006, at 23:25, Michael Brennen wrote:
On Wed, 1 Nov 2006, Robert Nelson wrote:On top of the issue with the reversed processing during restore that I previously mentioned, there is a fundamental flaw in the processing of compressed+gzipped data. The problem is that boundaries aren't preservedacross encrypt/decrypt.What happens is that after the block is compressed it is encrypted. However since the encryption engine processes data in blocks there may still be bytes from the compressed block in the pipeline when the block is sent to the Storage Daemon. As a result, when the same block is decrypted it mayresult in only part of the compressed block.Unfortunately there is no way to tell how much decrypted data is required by the decompression engine with the current design. I think the algorithm would have to be changed to pass along the compressed data size with eachcompressed block. -----Original Message----- From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of LandonFullerThe encryption does not include compression -- It made more sense to piggyback on the existing compression code. Also, thanks for catching this! I'm embarrassed that I forgot to test backup +restore with both compression and encryption enabled.Landon, does it make sense to use OpenSSL compression in lieu of Bacula's compression, such that one should use one or the other but not both? I have no idea how good OpenSSL's internal compression is, but that might be a straightforward way around what sounds like a block cipher issue???
Implementing an OpenSSL zlib BIO would solve the issue. However, I think it'd be a shame to have code in two places doing the same thing -- this should be possible to fix correctly in Bacula's zlib code alone.
-landonf
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
