From: lalebarde <l.alebarde@free.fr>
To: git@vger.kernel.org
Subject: Re: Transparently encrypt repository contents with GPG
Date: Sun, 17 Jun 2012 00:33:32 -0700 (PDT) [thread overview]
Message-ID: <1339918412381-7561644.post@n2.nabble.com> (raw)
In-Reply-To: <1335029110871-7487506.post@n2.nabble.com>
Hi,
I am puzzled from the
http://article.gmane.org/gmane.comp.version-control.git/113221
recommandation of Junio C Hamano , the maintainer of git, to not encrypt
files before pushing them :
Junio C Hamano wrote
> If your "clean" encrypts and "smudge" decrypts, it means you are refusing
> all the benifit git offers.
Junio C Hamano wrote
> the above config may appear to work
*So, does it work or not, or partially ? And if partially, what does not
work ?*
Another issue is the use of the cypher ECB by
https://github.com/shadowhand/git-encrypt git-encrypt .
http://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb
Some argue it is bad (cf also
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
that ).
So I made some experiments, tacking a 15Mb pdf :
/$ openssl enc -base64 -aes-256-ecb -S 1762851 -k a5G4juy64VVBgfq4
<Wiley.pdf >WileyE1
$ openssl enc -base64 -aes-256-ecb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
$ md5sum WileyE1
d43058d8443777aea871350245d9865b WileyE1
$ md5sum WileyE2
d43058d8443777aea871350245d9865b WileyE2
$ openssl enc -base64 -aes-256-ofb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE1
$ openssl enc -base64 -aes-256-ofb -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
503d82849ad53652268d1abdcfbce9de WileyE1
503d82849ad53652268d1abdcfbce9de WileyE2
$ openssl enc -base64 -aes-256-cbc -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE1
$ openssl enc -base64 -aes-256-cbc -S 1762851 -k a5G4juy64VVBgfq4 <Wiley.pdf
>WileyE2
e726431cbd9ff8780946ddfad775600a WileyE1
e726431cbd9ff8780946ddfad775600a WileyE2/
*As the hash are identical from one run to another, I don't understand why
we should stick to the ECB cypher.*
Can some one clarify the two points please ?
--
View this message in context: http://git.661346.n2.nabble.com/Transparently-encrypt-repository-contents-with-GPG-tp2470145p7561644.html
Sent from the git mailing list archive at Nabble.com.
next prev parent reply other threads:[~2012-06-17 7:34 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-12 21:19 Transparently encrypt repository contents with GPG Matthias Nothhaft
2009-03-12 21:34 ` Sverre Rabbelier
2009-03-13 10:46 ` Michael J Gruber
2009-03-13 10:51 ` Sverre Rabbelier
2009-03-13 11:15 ` Thomas Rast
2009-03-13 11:17 ` Sverre Rabbelier
2009-03-13 13:56 ` Michael J Gruber
2009-03-13 14:19 ` Sverre Rabbelier
2009-03-13 17:13 ` Jeff King
2009-03-13 20:23 ` Junio C Hamano
2009-03-14 11:16 ` Michael J Gruber
2009-03-14 18:45 ` Junio C Hamano
2009-03-16 16:01 ` Michael J Gruber
2009-03-17 7:40 ` Jeff King
2009-03-17 8:22 ` Jeff King
2012-04-21 17:25 ` bigbear
2012-06-17 7:33 ` lalebarde [this message]
[not found] ` <CAL1Gx-Ufs8TNVeeefAXBnX-eCnEk_DC1w6oJVRPcMcStdL_+-Q@mail.gmail.com>
2012-06-18 20:03 ` lalebarde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1339918412381-7561644.post@n2.nabble.com \
--to=l.alebarde@free.fr \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).