murk
News
murk 0.3 has been released -- tested on OpenBSD, Linux, NetBSD, FreeBSD, OSX, Solaris and Cygwin.
IMPORTANT: This release is incompatible with files produced by 0.2
What is it?
It's an encryption program for the Unix command line that is set up to allow
rsync to transfer the encrypted output files with some efficiency.
The problem
-----------
When encrypting data using a chaining encryption mode, the earlier
bytes affect the value of the bytes that come after. This means a
change at byte N causes changes at N+1, N+2 ...
A file:
-----------------------------------
|            X====================|
-----------------------------------
             ^
             Change at this byte affects the rest
Rsync transfers:
----------------------
X====================|
----------------------
A solution
----------
Murk encrypts a file but resets the encryption every 8K or so
(by default), which localises the effects of changes.
The file:
-----------------------------------
|            X======              |
-----------------------------------
             ^
             Change at this byte is localised
Rsync transfers:
-------
X======
-------
However, in doing this, the strength of the encrypted file is weakened in
two ways:
1) The reset provides an attacker with a large selection of similarly
encrypted blocks. This makes it weaker than standard CBC encryption.
2) Identical blocks will encrypt to the same result. This allows a statistical
analysis to be run on the encrypted file which gives away information about
its contents.
It is hoped that future versions of murk will address point (1). Unfortunately,
it is not possible to do anything about point (2) without destroying rsync
efficiency.
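The trade-off described above, as an added Python example that is not murk's own code: the page does not name murk's cipher, so an HMAC-SHA256 based CFB-style chain stands in for it, with an assumed fixed 8192-byte reset interval, an assumed all-zero IV at each reset, and constructed sample data. It reports which 8K ciphertext segments change after a one-byte edit with and without resets, and whether two identical plaintext segments encrypt identically.

```python
import hashlib
import hmac

BLOCK = 16              # chaining block size in bytes (assumption)
SEGMENT = 8192          # reset interval, from the page's "every 8K or so"
ZERO_IV = bytes(BLOCK)  # same IV at every reset (assumption)

def chain_encrypt(key, data, iv=ZERO_IV):
    """CFB-style chaining: each ciphertext block keys the next pad."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        pad = hmac.new(key, prev, hashlib.sha256).digest()[:BLOCK]
        prev = bytes(p ^ k for p, k in zip(data[i:i + BLOCK], pad))
        out += prev
    return bytes(out)

def encrypt_with_resets(key, data):
    """Restart the chain at every SEGMENT boundary."""
    return b"".join(chain_encrypt(key, data[i:i + SEGMENT])
                    for i in range(0, len(data), SEGMENT))

def changed_segments(a, b):
    """Indexes of the 8K segments that differ between two ciphertexts."""
    return [i // SEGMENT for i in range(0, len(a), SEGMENT)
            if a[i:i + SEGMENT] != b[i:i + SEGMENT]]

def demo():
    key = b"constructed demo key"
    # Constructed sample: 8 segments; segments 5 and 6 hold identical data.
    segs = [hashlib.sha256(bytes([n])).digest() * (SEGMENT // 32)
            for n in range(8)]
    segs[6] = segs[5]
    old = b"".join(segs)
    new = bytearray(old)
    new[2 * SEGMENT + 100] ^= 0xFF          # one-byte edit inside segment 2
    new = bytes(new)
    whole = changed_segments(chain_encrypt(key, old), chain_encrypt(key, new))
    reset = changed_segments(encrypt_with_resets(key, old),
                             encrypt_with_resets(key, new))
    enc = encrypt_with_resets(key, old)
    leak = enc[5 * SEGMENT:6 * SEGMENT] == enc[6 * SEGMENT:7 * SEGMENT]
    return whole, reset, leak

if __name__ == "__main__":
    print(demo())
```

With a single chain every segment from the edit onward changes; with resets only the edited segment changes, at the cost that the two identical plaintext segments are visibly identical in the ciphertext.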
Performance
----------
In terms of being efficient when transferring data with rsync, murk needs
special conditions to be of any use. The tables below show bytes transferred
in two example transfers:
"Plain rsync" is rsync on the uncompressed files.
"mcrypt -p" compresses a whole file with bzip2 and then encrypts it.
1) Transferring openssl-0.9.7e.tar onto openssl-0.9.7d.tar (the initial files
were not gzipped). Size of openssl-0.9.7e is 15418880 bytes.
Plain rsync               4353737
mcrypt -p then rsync      2452373
murk then rsync           3570755
This shows that both murk and rsync on uncompressed data cannot compete with
a well compressed file. This is because there is around 25% difference in
the two files and the data is nicely compressible. It doesn't matter
that the compression badly messes with the efficiency of rsync since the
whole file compressed is smaller than the uncompressed deltas.
2) In more of a backup scenario, this is my docs directory (600MB) with a
new manual (100K) added.
Plain rsync                 110192
mcrypt -p then rsync      80754324
murk then rsync             119486
It is in situations like this that murk can be useful. These are small changes
in big pieces of data.
cvs access
Patches and fixes are most welcome.
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/murk login
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/murk co murk0
or browse the repository.