Re: Only Crypted things in CVS-Repository

[Thomas Deselaers]

On Tue, Oct 09, 2001 at 02:59:37PM +0200, Harald Kucharek wrote:
> Thomas Deselaers wrote:
> > This brought us to the idea if it is possible to store crypted sources in a
> > CVS-Repository without losing the funktionality of diffs etc. Of course it
> > would be absolutely easy to encrypt everything and store them binary.
> > 
> > I thought about this, and came to the conclusion that this would be possible
> > by only changing the client.
> > 
> > If the source is encrypted line by line, diff will still work and decryption
> > may find place at the client.
> 
> Interesting idea, but I guess that the encryption could be easily cracked 
> under your
> assumptions, especially: identical lines of code look identical in their 
> encrypted
> version. I don't know very much about encryption, but I think that makes the 
> whole
> thing vulnerable. Usually, encryption avoids to encrypt the same data into 
> the same
> encrypted data. In the extreme (one character per line of code), the 
> encryption would
> degenerate into a simple substitution. The shorter the code lines, the easier 
> the
> statistical attack.

Of course, this is true. And for our purposes there is no need for very
high security, though it would of course be preferred. But if you want
higher security, you have to modify the server's cvs and I think you have to
do the en- and decryption on the server, and thus it will not be very secure 
either.

This very high vulnerabilty was, why I do not know if this is useful for
anyone beside us. 

Thomas


-- 
address@hidden «<>» ICQ# on request «<>» GPG/PGP key on request
«< Unless stated otherwise everything I write is just my opinion >»