nfreezer
A few comments from the HN discussion
Hey @josephernest, as discussed here's the followup from the discussion of https://news.ycombinator.com/item?id=25240701.
As a recap, here are the few points I wanted to raise, in a semi chronological
- At decryption time, the file is written before it is checked, which is potentially a security issue (there is a warning, but no indication which file is wrong, the file isn't deleted)
  - To do that properly the file should be decrypted and verified before being written to its final destination. Maybe in memory, maybe in `/tmp`
  - An alternative is to chunk the file, and `decrypt_and_verify` each chunk independently.
    - Pro: when files are modified, only the chunk needs to be uploaded instead of the whole file
    - Pro (if done properly): chunks can be decrypted in memory with less pressure on RAM and written directly to the destination file
    - Cons: slightly harder to implement properly
Concerning chunking, content-defined chunking is the best choice, but it's not an issue of RAM as you properly stated, it's an issue of minimizing the changes to be uploaded/downloaded
Happy to continue the discussion here :)
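The verify-before-write and per-chunk ideas raised in the post above, as an added sketch that is not nfreezer's code and not written by either participant. All function names are hypothetical, a per-file `enc_key` is assumed, and the cipher is a standard-library stand-in (SHA-256 keystream plus HMAC) where a real tool would call an AEAD's `decrypt_and_verify` on each chunk.

```python
import hashlib, hmac, os, tempfile

TAG_LEN = 32  # HMAC-SHA256 tag appended to every chunk

def _xor_stream(key, index, data):
    # Stand-in cipher (SHA-256 in counter mode), for illustration only.
    ks = b""
    ctr = 0
    while len(ks) < len(data):
        ks += hashlib.sha256(key + index.to_bytes(8, "big") + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(mac_key, index, last, ct):
    # Bind position and a last-chunk flag so reordering or truncation fails.
    header = index.to_bytes(8, "big") + bytes([last])
    return hmac.new(mac_key, header + ct, hashlib.sha256).digest()

def encrypt_chunks(enc_key, mac_key, data, chunk_size):
    parts = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    out = []
    for i, pt in enumerate(parts):
        ct = _xor_stream(enc_key, i, pt)
        out.append(ct + _tag(mac_key, i, i == len(parts) - 1, ct))
    return out

def restore(enc_key, mac_key, chunks, dest):
    """Verify every chunk before its plaintext is written; the destination
    path only appears (atomic rename) once all chunks have passed."""
    if not chunks:
        raise ValueError(f"{dest}: no chunks to restore")
    # Temp file in the destination directory so os.replace stays on one filesystem.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    try:
        with os.fdopen(fd, "wb") as f:
            for i, blob in enumerate(chunks):
                ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
                expected = _tag(mac_key, i, i == len(chunks) - 1, ct)
                if not hmac.compare_digest(tag, expected):
                    # Name the file and chunk so the user knows what is wrong.
                    raise ValueError(f"{dest}: chunk {i} failed authentication")
                f.write(_xor_stream(enc_key, i, ct))
        os.replace(tmp, dest)
    except BaseException:
        os.unlink(tmp)  # never leave unverified plaintext behind
        raise
```

Only one chunk is held in memory at a time, and a failed restore leaves neither a partial destination file nor a stray temp file.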
@rakoo None of the points appear to have been addressed yet?
https://github.com/josephernest/nfreezer/commits/master
@07416 No time slot has been available to add new features in the last few months - here we still use the (working) software as is.