How to best update remote compressed, encrypted archives incrementally?
no-spam at no-spam-no-spam.com
Sat Mar 11 18:25:20 CET 2006
Steven D'Aprano wrote:
> On Sat, 11 Mar 2006 16:09:22 +0100, robert wrote:
>>>Lastly, have you considered that your attempted solution is completely the
>>>wrong way to solve the problem? If you explain _what_ you are wanting to
>>>do, rather than _how_ you want to do it, perhaps there is a better way.
>>So, there seems to be a big barrier for that task, when encryption is on
>>the whole archive. A complex block navigation within a block cipher
>>would be required, and obviously there is no such (handy) code already
>>existing. Or is there a encryption/decryption method which you can can
>>use like a file pipe _and_ which supports 'seek'?
> Let's try again: rather than you telling us what technology you want to
> use, tell us what your aim is. I suspect you are too close to the trees to
> see the forest -- you are focusing on the fine detail. Let's hear the big
> picture: what is the problem you are trying to solve? Because, frankly, as
> far as I can see, the solution you are looking for doesn't exist. But
> maybe I'm too far from the forest to see the individual trees.
> "I need encryption that supports seek" -- no, that's you telling us _how_
> you want to solve your problem.
> Perhaps you can tick some/all of the following requirements:
> - low bandwidth usage when updating the remote site
> - transmission needs to be secure
> - data on the remote site needs to be secure in case of theft or break-ins
> - remote site is under the control of untrusted parties;
> or remote site is trusted
> - remote site is an old machine with limited processing power and very
> small disk storage;
> or remote site can be any machine we choose
> - local site needs to run Windows/Macintosh/Linux/BSD/all of the above
> - remote site runs on Windows/Macintosh/Linux/BSD/anything we like
> - we are updating text files/binary files
> - anything else you can tell us about the nature of your problem
The main requirement is, that it has to be become a cohesive, reusable,
portable (FTP/SFTP standard) functionality as mentioned in the OP. A
Python module at best. For integration in a bigger Python app. not a
one-time admin hack with a bunch of tools to be fiddled together on each
user machine. So the 'how' is mostly =='what'. Its a Python question so far.
The last 2 methods I mentioned already are maybe a way to a compromise,
(if integrated one-stream encryption cannot be managed)
The only issue remaining: A native Python module for pgp-(pwd
only)-encryption or another kind of good (commonly supported)
encryption. ZIP2-encryption itself seems to be too weak? (Still so in
recent ZIP formats? what about the mode of 7zip etc?) But I found no
python modules for either.
http://www.amk.ca/python/code/gpg just calls into an external gpg
Can the functionality of "gpg -c" maybe fiddled together with PyCrypto
easily ? (variable length key/pwd only - no public key stuff required)
And what about ZIP password-only encryption itself? Are there maybe any
usable improvents ?
And: when there are many files encrypted with the same password (both
PGP and ZIP), will this decrease the strength of encryption?
More information about the Python-list