[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Students' Project seeks help

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Mon, 1 Aug 2011 10:28:47 -0400

> Hi Everybody,
> thanks for all the quick repsonses. I myself wasn't able to answer
> until
> now since we wanted to discuss things in our group.
> We plan to integrate this so that a compromised server does not
> allow
> the attacker to read data, even if he has got access to the
> repositories, no matter how he got it. The "Professor" who gave
> this
> task to us, is willing to accept the loss in performance for the
> enhanced security.

Is this just an academic exercise? I think putting the repository on a truecrypt drive would solve the above requirement.


> Tom Widmer, Peter Samuelson, Markus Schaber:
> We are allowed a loss in performance, and more explicitly the
> delta-functionality. But as Peter Samuelson pointed out delta
> transmission might still work on a block-basis with block-ciphers
> and
> this is what we hope for. Unfortunately this would require us to
> make
> sure that plain-text blocks' borders aren't moved, when data is
> inserted
> or removed.
> We know that, since we do not want attackers to analyze the data by
> assuming that the first x byte are some kind of constant header
> (pdf,
> html , etc) - thus having plain-text-cypher pairs - we do need to
> mask
> those parts. But this could be aranged by simply adding some random
> number to the plaintext (224 bit plaintext 32 random or something
> like
> that) which is only changed when the plaintext-block is changed.
> This
> way we wouldn't have full feedback encryption, which reduces
> security,
> because it is easier to find pairs, but we would still allow the
> delta
> handler to at least work on "blocks".
> Philip Martin
> You might like to look atsvn:eol-style=native on Windows
> We are going to check that out. Regarding the checksums: We aren't
> storing the checksums for the encrypted data yet, since we only
> started
> trying to understand the SVN library. But we'll keep that in mind
> for
> the future. We assumed that transmitting those checksums would be
> necessary for the server to accept the file.
> Markus Schaber
> Concerning the RA solution: Our task is to integrate the client-
> side
> encryption into Tortoise. But we figured that a general solution,
> which
> worked on all clients would be the best way to handle this. Having
> an RA
> solution for every RA solution currently in existence didn't seem
> feasible.
> Thanks for the replies.
> Next we are going to follow Philip Martin's idea and have a look at
> those line-ending-conversions. But other ideas how and where to
> manipulate data, directly after it is received when updating are
> welcome
> and gladly received.
> Best regards
> Jan Peters
Received on 2011-08-01 16:29:20 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.