Releases
| Version | Focus | Date |
| 0.3 | Major security fixes | 01-Apr-2005 12:31 |
| 0.2 | Minor feature enhancements | 27-Jan-2005 19:59 |
| 0.1 | Major bugfixes | 02-Oct-2004 20:07 |
| 0.0 | Initial freshmeat announcement | 12-Sep-2004 13:13 |
Comments
Not quite as strong
by Richard Clark - Jan 27th 2005 12:27:31
You may have already considered this, but "resetting" the
encryption I assume means returning to the IV generated from the
passphrase. If you do this every 8k for example, you provide any attacker
with a large set of similarly produced ciphertexts. In addition, every 8k
block that is equal will encrypt to the same value allowing the attacker to
make inferences about the contents of the file from the prevalence of
particular encrypted results.
I'm not convinced either of these issues is a particularly big deal in
this case, but it might be worth noting somewhere prominent that block
ciphers are chained for these exact reasons, and that the user should
understand that the resulting encrypted file is not as strong as one
produced normally. I think it's more than fair to say (assuming you're
using a decent cipher :) that it is still plenty strong enough for regular
data, although I'd be worried about anything that someone might take a few
months to try and break.
Re: Not quite as strong
by Alien Science - Jan 27th 2005 13:22:35
This is true. The repeated block issue hadn't occurred to me either -- and
that's something that will never go away since it's the very thing that makes
the files useful with rsync. Currently, there is a disclaimer at the bottom
of the manpage, however I'll add it to the homepage in the description of
murk's operation.
My only idea for getting round the weaknesses, in resetting the
encryption, is to have a different key for each block. What I haven't
worked out is how to generate these keys in a predictable way so that
different generations of a file can be efficiently rsynced. By predictable,
I mean a block of data always gets encrypted with the same key.
However, it is interesting you mention the importance of the IV being
reset to its original value. Would there be any mileage in resetting the IV
to, say, a checksum or digest of the plain text block? Identical blocks
would encrypt identically but similar blocks would give away less about
their contents.
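The trade-off discussed in the two comments above, as an added example (not murk's code and not written by either commenter): CBC is restarted at every chunk, once with a single fixed IV and once with the IV set to a digest of the plaintext chunk, and the ciphertexts of identical and near-identical chunks are compared. Assumptions: a toy Feistel permutation stands in for the real cipher, chunks are 64 bytes instead of 8k, SHA-256 is the digest, and all names are hypothetical.

```python
import hashlib

BLOCK = 16   # cipher block size in bytes
CHUNK = 64   # reset interval; the thread's example is 8k, kept small here

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for a real block cipher."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt(key, iv, data):
    """Plain CBC over whole blocks (length assumed to be a multiple of BLOCK)."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def encrypt_chunks(key, data, iv_for_chunk):
    """Restart CBC at every CHUNK boundary; iv_for_chunk(chunk) picks the IV."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    return [cbc_encrypt(key, iv_for_chunk(c), c) for c in chunks]

def shared_prefix_blocks(a, b):
    """Number of leading cipher blocks two ciphertexts have in common."""
    n = 0
    while n < len(a) and a[n:n + BLOCK] == b[n:n + BLOCK]:
        n += BLOCK
    return n // BLOCK

def leak_profile(key, data, iv_for_chunk):
    """(do chunks 0 and 2 match?, leading blocks shared by chunks 0 and 1)"""
    cts = encrypt_chunks(key, data, iv_for_chunk)
    return cts[0] == cts[2], shared_prefix_blocks(cts[0], cts[1])

# Constructed sample: chunk 1 differs from chunk 0 only in its last byte; chunk 2 repeats chunk 0.
A = bytes(range(CHUNK))
SAMPLE = A + A[:-1] + b"\xff" + A
KEY = hashlib.sha256(b"constructed passphrase").digest()
fixed_iv = lambda chunk: hashlib.sha256(b"iv" + KEY).digest()[:BLOCK]   # same IV at every reset
digest_iv = lambda chunk: hashlib.sha256(chunk).digest()[:BLOCK]        # IV = digest of the chunk
if __name__ == "__main__":
    print(leak_profile(KEY, SAMPLE, fixed_iv), leak_profile(KEY, SAMPLE, digest_iv))
```

Both schemes map identical chunks to identical ciphertext, but only the fixed IV also shows how many leading blocks two similar chunks share. A digest-derived IV has to be stored with each chunk for decryption, and an unkeyed digest of the plaintext kept in the clear lets anyone confirm a guessed chunk.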