From: lalebarde <l.alebarde@free.fr>
To: git@vger.kernel.org
Subject: Re: Transparently encrypt repository contents with GPG
Date: Sun, 17 Jun 2012 00:33:32 -0700 (PDT) [thread overview]
Message-ID: <1339918412381-7561644.post@n2.nabble.com> (raw)
In-Reply-To: <1335029110871-7487506.post@n2.nabble.com>
Hi,
I am puzzled from the
http://article.gmane.org/gmane.comp.version-control.git/113221
recommandation of Junio C Hamano , the maintainer of git, to not encrypt
files before pushing them :
Junio C Hamano wrote
> If your "clean" encrypts and "smudge" decrypts, it means you are refusing
> all the benifit git offers.
Junio C Hamano wrote
> the above config may appear to work
*So, does it work or not, or partially ? And if partially, what does not
work ?*
Another issue is the use of the cypher ECB by
https://github.com/shadowhand/git-encrypt git-encrypt .
http://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb
Some argue it is bad (cf also
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
that ).
So I made some experiments, tacking a 15Mb pdf :
/$ openssl enc -base64 -aes-256-ecb -S 1762851 -k a5G4juy64VVBgfq4
<Wiley.pdf >WileyE1
$ openssl enc -base64 -aes-256-ecb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
$ md5sum WileyE1
d43058d8443777aea871350245d9865b WileyE1
$ md5sum WileyE2
d43058d8443777aea871350245d9865b WileyE2
$ openssl enc -base64 -aes-256-ofb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE1
$ openssl enc -base64 -aes-256-ofb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
503d82849ad53652268d1abdcfbce9de WileyE1
503d82849ad53652268d1abdcfbce9de WileyE2
$ openssl enc -base64 -aes-256-cbc -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE1
$ openssl enc -base64 -aes-256-cbc -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
e726431cbd9ff8780946ddfad775600a WileyE1
e726431cbd9ff8780946ddfad775600a WileyE2/
*As the hash are identical from one run to another, I don't understand why
we should stick to the ECB cypher.*
Can some one clarify the two points please ?
--
View this message in context: http://git.661346.n2.nabble.com/Transparently-encrypt-repository-contents-with-GPG-tp2470145p7561644.html
Sent from the git mailing list archive at Nabble.com.
next prev parent reply other threads:[~2012-06-17 7:34 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-12 21:19 Transparently encrypt repository contents with GPG Matthias Nothhaft
2009-03-12 21:34 ` Sverre Rabbelier
2009-03-13 10:46 ` Michael J Gruber
2009-03-13 10:51 ` Sverre Rabbelier
2009-03-13 11:15 ` Thomas Rast
2009-03-13 11:17 ` Sverre Rabbelier
2009-03-13 13:56 ` Michael J Gruber
2009-03-13 14:19 ` Sverre Rabbelier
2009-03-13 17:13 ` Jeff King
2009-03-13 20:23 ` Junio C Hamano
2009-03-14 11:16 ` Michael J Gruber
2009-03-14 18:45 ` Junio C Hamano
2009-03-16 16:01 ` Michael J Gruber
2009-03-17 7:40 ` Jeff King
2009-03-17 8:22 ` Jeff King
2012-04-21 17:25 ` bigbear
2012-06-17 7:33 ` lalebarde [this message]
[not found] ` <CAL1Gx-Ufs8TNVeeefAXBnX-eCnEk_DC1w6oJVRPcMcStdL_+-Q@mail.gmail.com>
2012-06-18 20:03 ` lalebarde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1339918412381-7561644.post@n2.nabble.com \
--to=l.alebarde@free.fr \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.