The Testing Area :: June Extensions



Quote (WDef @ June 15 2007,17:50)
If you want to put whole directory trees into encrypted archives, you could try aespipe.dsl (eg):

Just tried that out, thanks!  I'll start using it for my complete backups.
More frequently, however, I'll want to pull some file saved onto an external server for use on any of several computers.  Bcrypt works nicely for that. (aespipe restores an archive to orginal path).

update:  just found a bug in aespipe; created an .aes file that restored fine once, but then stopped restoring files if I tried it again (everything looked fine in the termimal window, but files never appeared on the disk).

Bcrypt is also a lot faster than aespipe, especially compared to AES with 50 000 iterations and older computers..
Also smaller (17k - 80k) if it will get into DSL some time..

DSL currently has tripleDES and uses it in the webdata program (backup to ftp)  as well as the encrypted backup via the 'protect' boot option. How does bcrypt compare considering old(er) computers?
Blowfish is a lot stronger than tripleDES..
I haven't tried tripleDES, but bcrypt was quite fast in my tests after compilation.

According to Wikipedia:
Quote
-DES key was originally 128-bit, but NSA 'persuaded' it to 56 bits, so it could be broken
-NSA could break DES quickly already in the 70's
-DES has been cracked in less than 24 hours
-Blowfish is one of the fastest block ciphers in widespread use, except when changing keys.
-In some implementations, Blowfish has a relatively large memory footprint of just over 4 kilobytes of RAM. This is not a problem even for older smaller desktop and laptop computers, but it does prevent use in the smallest embedded systems such as early smartcards.
-Blowfish is not subject to any patents and is therefore freely available for anyone to use.


To further increase bcrypt's performance, compression and secure overwriting of original files can be turned off at use time.

Sorry, this does not answer the comparison. I cannot do that now.. Anyone?

Edit:
I found this comparison:
http://www.schneier.com/blowfish-speed.html
From it, on a Pentium Blowfish uses 18 clock cycles/byte encrypted when DES uses 45 and tripleDES 108. So speed gain is clear...

Using bcrypt  to encrypt a 13M tar.gz file (basically my archived hard drive partition) cut down on the file's size slightly and took about 3 seconds.

Here's my cute little script for a backup file using bcrypt.  A "MyFiles" directory on hda3 has a lot of subdirectories where I keep all my files, so I run the script from there:

     1 #!/bin/bash
     2 rm ./myfiles.tar.gz*       #old backup file
     3 find . > ./files.txt
     4 tar cvf ./myfiles.tar --no-recursion --numeric-owner -T ./files.txt
     5 gzip -9 ./myfiles.tar
     6 cp ./myfiles.tar.gz ./myfiles.dsl
     7 sudo ./declobber ./myfiles.dsl    # remove open directories
     8 cp -u $HOME/myfiles/myfiles_noclobber.dsl  ./myfiles.tar.gz  
     9 rm ./myfiles.dsl
    10 sudo rm -R $HOME/myfiles  
    11 bcrypt ./myfiles.tar.gz

This creates a "myfiles.tar.gz.bfe" file in my MyFiles directory. I'm not sure it's necessary to remove open directories using the declobber script, but what the heck.  To restore I cd  to the MyFiles directory and run the restore script.

     1 #!/bin/bash
     2 bcrypt ./myfiles.tar.gz.bfe
     3 tar -zxvf ./myfiles.tar.gz

This is all done in seconds.  The longest procedure is typing in the password.

Next Page...
original here.