[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Only Crypted things in CVS-Repository

From: Thomas Deselaers
Subject: Re: Only Crypted things in CVS-Repository
Date: Tue, 9 Oct 2001 15:28:18 +0200
User-agent: Mutt/1.3.22i

On Tue, Oct 09, 2001 at 02:59:37PM +0200, Harald Kucharek wrote:
> Thomas Deselaers wrote:
> > This brought us to the idea if it is possible to store crypted sources in a
> > CVS-Repository without losing the funktionality of diffs etc. Of course it
> > would be absolutely easy to encrypt everything and store them binary.
> > 
> > I thought about this, and came to the conclusion that this would be possible
> > by only changing the client.
> > 
> > If the source is encrypted line by line, diff will still work and decryption
> > may find place at the client.
> Interesting idea, but I guess that the encryption could be easily cracked 
> under your
> assumptions, especially: identical lines of code look identical in their 
> encrypted
> version. I don't know very much about encryption, but I think that makes the 
> whole
> thing vulnerable. Usually, encryption avoids to encrypt the same data into 
> the same
> encrypted data. In the extreme (one character per line of code), the 
> encryption would
> degenerate into a simple substitution. The shorter the code lines, the easier 
> the
> statistical attack.

Of course, this is true. And for our purposes there is no need for very
high security, though it would of course be preferred. But if you want
higher security, you have to modify the server's cvs and I think you have to
do the en- and decryption on the server, and thus it will not be very secure 

This very high vulnerabilty was, why I do not know if this is useful for
anyone beside us. 


address@hidden «<>» ICQ# on request «<>» GPG/PGP key on request
«< Unless stated otherwise everything I write is just my opinion >»

reply via email to

[Prev in Thread] Current Thread [Next in Thread]