| author | Marc Vertes <mvertes@free.fr> | 2024-10-02 22:43:42 +0200 |
|---|---|---|
| committer | Marc Vertes <mvertes@free.fr> | 2024-10-02 22:43:42 +0200 |
| commit | 282149e530d1d19fc9903b0a688de5b794540f48 (patch) | |
| tree | 4074b7d6bff00f9f92b271c7bfa03f79bad7e65c /README.md | |
| parent | 9ec19922addee0137f083c66b458c6aefe59191a (diff) | |
fix chunkify
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..50604d0 --- /dev/null +++ b/README.md @@ -0,0 +1,46 @@ +# bb: basic backup + +Incremental encrypted backup system + +## Current design + +1. cksum original (sha256) +2. compress (gzip) +2. encrypt (aes256) +3. split in cksumed chunks. chunks are named from the hmac of + encrypted+compressed +4. build index of chunks +5. compress (gzip) and encrypt (aes) index +6. return index cksum + +Good: +- chunks are named from their compressed/crypted hmac. + +Problems: +- the salt (or iv in aes) must be set to 0. Weak encryption. +- dedup occurs only for append only files. The same chunk content will lead to + a different hmac if located at a different offset. + +To fix: +- chunk before compression +- name chunks from cksum of uncompressed/unencrypted data. +- then compress and encrypt (in this order). + +Chunk encryption can use randomized cipher, but a hmac must be added at end of +file (before encrypt) to check integrity without having to decrypt/decompress. + +## What tarsnap is doing + +1. cksum original (sha256) +2. build chunks of variable size +3. cksum uncompressed unencrypted chunks +4. compress chunk (deflate) +5. encrypt chunk (rsa2048) + HMAC + + +## References + +- tarsnap: https://www.tarsnap.com https://github.com/tarsnap/tarsnap +- chunker: https://github.com/karinushka/chunker +- borg: https://borgbackup.org +- rclone: https://rclone.org |
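Review bot: in the closing paragraph of the "To fix" section, "a hmac must be added at end of file (before encrypt)" works against its stated goal "to check integrity without having to decrypt/decompress": a tag appended before encryption ends up inside the ciphertext and can only be verified after decrypting. Suggest computing the HMAC over the encrypted chunk and appending it after encryption (encrypt-then-MAC), so a chunk can be verified as stored. Separately, in "Current design" both "compress (gzip)" and "encrypt (aes256)" are numbered 2, so every later step number is off by one.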
