[Discuss] encryption and rsync

Richard Pieri richard.pieri at gmail.com
Mon Jul 16 12:30:10 EDT 2012


On 7/16/2012 1:59 AM, Tom Metro wrote:
> So you're syncing the encrypted files in the source directory. That
> makes a lot more sense than using an encryption technology that just
> creates an opaque image file.

Correct, at least for my needs.  There is a 1:1 correspondence between 
native file system and EncFS file system so an attacker can easily track 
changes.  This kind of analysis is not feasible with a monolithic container.

> But I'm assuming that EncFS isn't doing anything to assist the syncing
> of partial files, so your minimum transfer is a full file.

Also correct in the typical case.  It's not an issue for small files 
since small files are transferred in full most of the time anyway.  It 
does lend itself to auto-sync services like Dropbox since it's mostly 
just deltas being synchronized.  It's not as efficient as Dropbox on a 
native file system but it's much more efficient than trying to sync a 
big container file.

rsyncrypto breaks this behavior.  You always get the same ciphertext for 
a given input set.  That's the only way that partial transmission can 
work with encrypted data on the target side.  This is the weakening 
which they describe.

-- 
Rich P.
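
An added illustration, not part of the original message and not rsyncrypto's or EncFS's actual algorithm: it counts how many 4 KiB blocks of ciphertext differ after a small in-place edit when the same input always yields the same ciphertext, versus when each encryption uses a fresh random nonce. The HMAC-based toy keystream, the key, the file contents, the file name and the block size are all constructed assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 4096  # comparison granularity, standing in for a sync tool's block size


def keystream(key, nonce, length):
    """Toy keystream, HMAC-SHA256(key, nonce || counter). Illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext, nonce=None):
    """Fresh random nonce unless one is supplied; the nonce is stored in front."""
    nonce = os.urandom(16) if nonce is None else nonce
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def changed_blocks(old, new):
    """Count BLOCK-sized chunks that differ, i.e. what a delta sync must resend."""
    size = max(len(old), len(new))
    return sum(old[i:i + BLOCK] != new[i:i + BLOCK] for i in range(0, size, BLOCK))


def demo():
    key = b"k" * 32                   # constructed key
    v1 = bytes(range(256)) * 256      # constructed 64 KiB file
    v2 = bytearray(v1)
    v2[20000:20010] = b"X" * 10       # small in-place edit, same length
    v2 = bytes(v2)
    # Deterministic case: nonce derived from the key and a hypothetical file name,
    # so the same plaintext always encrypts to the same ciphertext.
    fixed = hmac.new(key, b"notes.txt", hashlib.sha256).digest()[:16]
    deterministic = changed_blocks(encrypt(key, v1, fixed), encrypt(key, v2, fixed))
    # Randomized case: every encryption picks a new nonce.
    randomized = changed_blocks(encrypt(key, v1), encrypt(key, v2))
    return deterministic, randomized


if __name__ == "__main__":
    det, rnd = demo()
    print(f"deterministic: {det} of 17 blocks differ; random nonce: {rnd} of 17")
```

The one differing block in the deterministic case is what makes a partial transfer possible, and it is also visible to anyone who can compare the two stored ciphertexts.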



