On Saturday, December 29, 2018 at 2:30:12 PM UTC-5, Chris Laprise wrote: > > Also note that we'd like to have at least some level of hiding metadata > > - - like VM names (leaked through file names). > > I have an idea for a relatively simple obfuscation layer that could even > re-order the transmission of chunks in addition to concealing filenames. > It would use an additional index with randomized names and the order > shuffled. Implementing this, I surmise, could improve robustness of the > encryption. ... > Yes, keeping in mind the chunk size I'm using currently is 128kB with > fixed boundaries. I've experimented with simple retroactive dedup based > on sorting the manifest hashes and that can save a little space with > almost no time/power cost. This could be done at send time to save > bandwidth, but that savings may not be worth it. OTOH, if we expect some > users to backup related cloned VMs (common with templates) the potential > savings then becomes very significant even with this simple method.
I tend to keep one or two clones of each template some number of weeks of updates behind, just in case an update (especially a *-testing update) goes awry. I think this approach is useful for most folks who are trying to balance "more secure by updating regularly" and "able to manually recover when a template stops working". So: a backup regime that can dedupe on some level would be very welcome. Q: Speaking of hashes (this is regardless of the encryption question): are the hashes in sparsebak salted per qubes system (or backup set?)...or would the same hash on two different (non-cloned) Qubes systems match for the same content? And Chris: thanks for all your contributions to Qubes usability, I really appreciate it. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ea9c4642-cf84-4bb8-bbe3-096c08b4aeeb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
