On Tue, Oct 09, 2001 at 02:59:37PM +0200, Harald Kucharek wrote: > Thomas Deselaers wrote: > > This brought us to the idea if it is possible to store crypted sources in a > > CVS-Repository without losing the funktionality of diffs etc. Of course it > > would be absolutely easy to encrypt everything and store them binary. > > > > I thought about this, and came to the conclusion that this would be possible > > by only changing the client. > > > > If the source is encrypted line by line, diff will still work and decryption > > may find place at the client. > > Interesting idea, but I guess that the encryption could be easily cracked under your > assumptions, especially: identical lines of code look identical in their encrypted > version. I don't know very much about encryption, but I think that makes the whole > thing vulnerable. Usually, encryption avoids to encrypt the same data into the same > encrypted data. In the extreme (one character per line of code), the encryption would > degenerate into a simple substitution. The shorter the code lines, the easier the > statistical attack.
Of course, this is true. And for our purposes there is no need for very high security, though it would of course be preferred. But if you want higher security, you have to modify the server's cvs and I think you have to do the en- and decryption on the server, and thus it will not be very secure either. This very high vulnerabilty was, why I do not know if this is useful for anyone beside us. Thomas -- [EMAIL PROTECTED] �<>� ICQ# on request �<>� GPG/PGP key on request �< Unless stated otherwise everything I write is just my opinion >� _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
