> and an issue related to the > fact that we need to encrypt users' data.
For the record, s3venti does encrypt blocks that it writes to S3. It uses a single key, making it rather vulnerable to dictionary attacks, but I haven't come up with a way to do better without changing the venti protocol. Suggestions are welcome.