On 28 Oct 2000, Bennett Todd <[EMAIL PROTECTED]> wrote:
> 2000-10-28-20:03:19 Martin Pool:
> > > As for licensing, the only requirement is to give credit...
> >
> > Fine.
>
> If you've made peace with OpenSSL licensing, then I'd like to
> suggest:
I thought it was more of a problem than it apparently is.
> > > If you just embed arcfour, what's your key management plan?
> >
> > key = MD4(salt, user, password, possibly other stuff)
>
> It should be trivial to switch to SHA-1 and Blowfish, which I'd
> trust more than MD4 and arcfour respectively.
I agree about SHA-1; in fact we should be able to transparently
upgrade to SHA-1 for authentication through a protocol option.
Blowfish is a block cypher, not a stream cypher. Twofish is too. As
I said in a previous message, I don't want the complexity of splitting
up into blocks. I guess we could use it in OFB mode to generate a
keystream, but I feel a little uncertain about doing that and I think
it would be quite slow.
Schneier also says RC4 is about ten times faster than
comparably-strong block cyphers. Together with the cost of an extra
protocol layer, I can imagine that this might make arcfour encryption
considerably less CPU-intensive than rsync-over-ssh.
For example, we make backups in the office to a backup server using
rsyncd over a 100baseT network. Running ssh would hammer the backup
server and slow down the process unnecessarily. The network is
private and basically secure, but a little privacy in the process
couldn't hurt. I can imagine simple encryption would be useful here.
Although I would prefer a cypher with a nonproprietary design, RC4
does seem to be widely used and trusted. Schneier also mentions SEAL;
I'll look at it later.
Of course we can always have --privacy=CYPHERALGO.
> Oh, and if you're right about the rsync password definitely not
> travelling in the clear, then as far as I can see the encryption
> keying system you propose should be no weaker than the password,
> which probably makes pretty good sense overall security-wise.
Oh, and incidentally: with the privacy option we have *some*
protection against modification of the text by an attacker: the next
layer up does gzip encryption, which will make guessing the bytes to
insert without seeing the preceding quite hard, and also it will
detect corruption.
--
Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
[EMAIL PROTECTED], http://www.linuxcare.com/
Linuxcare. Support for the revolution.
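The keying and arcfour keystream scheme discussed in the thread, as an added Python example that is not code from the rsync project or from either correspondent. SHA-1 in place of MD4 and the plain concatenation salt || user || password (no length fields) are assumptions; the last function illustrates the caveat that the stream cipher layer by itself does not notice a modified byte, which is why the message leans on the gzip layer for corruption detection.

```python
import hashlib


def derive_key(salt: bytes, user: bytes, password: bytes) -> bytes:
    """Session key as proposed in the thread, with SHA-1 swapped in for MD4.
    Assumption: the inputs are simply concatenated in this order."""
    return hashlib.sha1(salt + user + password).digest()


def rc4_keystream(key: bytes):
    """Generator yielding RC4 (arcfour) keystream bytes: KSA, then PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                               # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) by XORing with the keystream."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def tamper_is_silent(key: bytes, plaintext: bytes) -> bool:
    """Caveat for the privacy layer: a stream cipher alone carries no
    integrity check. Flipping one ciphertext bit decrypts to the plaintext
    with exactly that bit flipped, and nothing at this layer reports it.
    Returns True when the modification passes through undetected."""
    ct = bytearray(rc4_xor(key, plaintext))
    ct[0] ^= 0x01                             # constructed single-bit change
    pt = rc4_xor(key, bytes(ct))
    return pt[0] == (plaintext[0] ^ 0x01) and pt[1:] == plaintext[1:]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    k = derive_key(b"random-salt", b"backup", b"correct horse")
    msg = b"rsync file list block"
    assert rc4_xor(k, rc4_xor(k, msg)) == msg
    print("modification undetected:", tamper_is_silent(k, msg))
```

The same salt, user and password always yield the same keystream, so a fresh per-session salt is what keeps two sessions from sharing it.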