Gary Holzer wrote:

Hi All,

I am using rsync to back up our office server to our Internet server (RHE).
As an association for doctors we are looking at providing a backup service
for their practices using rsync. As it would be patient data it would need
to be encrypted. I have found a few options, namely

esync
wurt
rsyncrypto

Does anyone have experience with the above and perhaps like to recommend
one? On the client side we are on Windows boxes using cygwin.

Thanks


I am (as you know) the maintainer for rsyncrypto. I looked a little into esync (a while back, I'm not sure I fully remember the differences, though). I have no idea what wurt is, so a link would be greatly appreciated.

The main difference between rsyncrypto and esync is in the amount of state information stored between operations. With rsyncrypto, this is a mere 52 bytes, containing the initial value for the CBC, the symmetric encryption key for the file, as well as three parameters used to determine CBC resets. This information is enough to make a repeated encryption of the same file (modified or not) identical enough to the original that rsync will manage to pick up just the differences. This 52-byte file is fully recoverable from the encrypted file, if you have the asymmetric private key.

Esync, assuming I understood it correctly, actually requires keeping around enough information about the properties of the reset points (it uses a completely different algorithm). On first reading the esync algorithm sounded like one having a cryptographic weakness, but:
1. It was a long time ago, and I don't remember the details.
2. On second reading I remember thinking that the hole was plugged after all, at the expense of performance.
3. I cannot be said to be impartial, being as I maintain a "competing" technology.


Also with esync:
- You need a custom version of rsync on both ends.
- May be relevant for you - there is no Debian package :-)

Bear in mind that any manipulation to an encryption system to make it rsync friendly means that we are weakening it. This is obviously true for rsyncrypto too. Myself, I'm fairly confident that the weakening is nothing to be worried about, but do bear that in mind. This is stepping off the trodden path, a cryptographic risk, in exchange for better network performance.

As for experience, rsyncrypto is part of a commercial backup service my company is running, so you can say I have some experience with it, yes :-).

            Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
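
The CBC-reset idea described in the reply above, as an added example that is not part of the original message and is not rsyncrypto's code. It assumes a toy Feistel permutation in place of a real block cipher and a hypothetical reset trigger (the sum of the preceding `win` plaintext bytes is divisible by `mod`); the function and parameter names are illustrative.

```python
import hashlib
import random

BLOCK = 16  # bytes per cipher block

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation; a stand-in for AES, for illustration only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def is_reset(data: bytes, offset: int, win: int, mod: int) -> bool:
    """Assumed trigger: the `win` plaintext bytes before offset sum to a multiple of mod."""
    return offset >= win and sum(data[offset - win:offset]) % mod == 0

def cbc_encrypt(key, iv, data, win=32, mod=64, resets=True):
    """CBC over whole blocks; with resets=True the chain restarts from iv at trigger points."""
    out, prev = [], iv
    for off in range(0, len(data), BLOCK):
        if resets and is_reset(data, off, win, mod):
            prev = iv  # restart: ciphertext from here on no longer depends on earlier data
        mixed = bytes(a ^ b for a, b in zip(data[off:off + BLOCK], prev))
        prev = toy_encrypt_block(key, mixed)
        out.append(prev)
    return out

def changed_blocks(key, iv, old, new, resets):
    """Indexes of ciphertext blocks that differ between the two encryptions."""
    a = cbc_encrypt(key, iv, old, resets=resets)
    b = cbc_encrypt(key, iv, new, resets=resets)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def demo():
    rng = random.Random(2024)            # constructed sample data, fixed seed
    key, iv = bytes(range(16)), bytes(16)
    old = bytes(rng.randrange(256) for _ in range(64 * 1024))
    new = bytearray(old)
    new[10_000] ^= 0xFF                  # one-byte edit, lands in block 625
    new = bytes(new)
    plain = changed_blocks(key, iv, old, new, resets=False)
    reset = changed_blocks(key, iv, old, new, resets=True)
    return plain, reset

if __name__ == "__main__":
    plain, reset = demo()
    print(f"plain CBC: {len(plain)} blocks changed; with resets: {len(reset)}")
```

The same property is the weakening the reply mentions: because the chain restarts from the same IV at points derived from the plaintext, identical plaintext following a reset produces identical ciphertext, which an observer of the encrypted files can see.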
