On 25/07/2011 14:25, Jan Peters wrote:
> Hi there,
> we are a follow-up project to a student's group at Ruhr-University
> Bochum, Germany, which tried to integrate a functionality into
> Subversion to allow users to encrypt all their data on the client-side,
> before committing and to decrypt while updating.

If I understand you correctly, I have a feeling that this is
fundamentally a bad idea, since Subversion stores data using diffs.
Since encrypted data looks identical to random binary data, all diffs
will necessarily be as large as the file being committed (or 2x the size
possibly: 1x to remove the old file + 1x to add the new file).
Compression won't help either, again because encrypted data looks
random. So storage requirements for the repository will increase
rapidly, and client side performance will be very slow since a trivial
svn update that only changes 1 line will require fetching the whole
changed file from the server. Additionally, repo browser change viewing
won't work either. OTOH, some VCS systems got away working like this for
years!

If you need an encrypted repository, for which only the clients hold the
necessary decryption keys and which never has access to any decrypted
data (e.g. in the server process), I can't think of another approach though.

Kind regards,
Tom
Received on 2011-07-26 18:30:42 CEST
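
The storage argument in the reply above can be measured. This is an added example, not part of the original message or of Subversion. It assumes a stand-in stream cipher and approximates a binary delta with zlib's preset dictionary rather than svndiff; `toy_encrypt`, `delta_size` and `measure` are hypothetical names.

```python
import hashlib, os, zlib

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in cipher for illustration only: SHA-256 in counter mode with a
    # fresh random nonce per commit. A real client would use a vetted AEAD.
    nonce = os.urandom(16)
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def delta_size(old: bytes, new: bytes) -> int:
    # Rough proxy for a binary delta: deflate `new` with `old` as the preset
    # dictionary, so anything shared with `old` costs almost nothing.
    comp = zlib.compressobj(level=9, zdict=old)
    return len(comp.compress(new) + comp.flush())

def measure(key: bytes = b"constructed demo key") -> dict:
    # Constructed sample: a small source file, then a one-line edit.
    lines = [f"def handler_{i}(request): return lookup(table, {i * 7919 % 1000})"
             for i in range(300)]
    rev1 = "\n".join(lines).encode()
    lines[150] = "def handler_150(request): return lookup(cache, 42)"
    rev2 = "\n".join(lines).encode()
    # Each revision is encrypted client-side before it would be committed.
    enc1, enc2 = toy_encrypt(key, rev1), toy_encrypt(key, rev2)
    return {
        "file_size": len(rev2),
        "plain_delta": delta_size(rev1, rev2),
        "cipher_delta": delta_size(enc1, enc2),
        "plain_compressed": len(zlib.compress(rev2, 9)),
        "cipher_compressed": len(zlib.compress(enc2, 9)),
    }

if __name__ == "__main__":
    for name, value in measure().items():
        print(f"{name:>18}: {value} bytes")
```

Reusing the nonce to make ciphertexts of successive revisions diffable would repeat the keystream and expose the XOR of the two plaintexts, so the full-size delta is a consequence of encrypting correctly.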