How to randomly pad files before encryption to prevent file fingerprinting? (lemmy.world)

submitted 4 months ago by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn't pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn't find anything. Haven't found any recommendations on the privacyguides website either. Any help would be appreciated!

Thanks

top 11 comments

sorted by: hot top controversial new old

[-] [email protected] 15 points 4 months ago

Just use rclone. It does this natively.

[-] [email protected] 10 points 4 months ago

Can you point to where such a capability is mentioned in the documentation? I'm using rclone right now

[-] [email protected] 15 points 4 months ago

Here

[-] [email protected] 9 points 4 months ago

Thanks, this is great!

[-] [email protected] 1 points 4 months ago

I recommend making a giant tarball and encrypting that with gpg and then encrypting again with rclone.

[-] [email protected] 1 points 4 months ago

I wouldn't be able to do incremental backups in such a case

[-] [email protected] 5 points 4 months ago* (last edited 4 months ago)

Yes GPG should add appropriate padding (random initialization vector) to not reveal whether two ciphertexts have the same plaintext. It makes no real attempt to conceal that the two plaintexts have the same length. If you want that, best bet is to make all ciphertexts the same length, by padding plaintexts out to 1MB or whatever, and turning off compression. Actually you might first check the manual to see if there is already an option for that. There are a lot, and I no longer keep track.

Cryptographer's saying (Silvio Micali, I think): "A good disguise does not reveal the person's height". So you are on the right track.

[-] [email protected] 1 points 4 months ago

I also have media and other binary blobs which I'd like to archive in an encrypted fashion, will GPG suffice? ChatGPT mentioned OpenSSL for this but I'm not sure where that's taking me.

[-] [email protected] 0 points 4 months ago

Openssl really isn't the right thing for that. GPG is fine for individual files if you don't mind leaking the approximate length. You may be better off with borg backup depending on your exact use case.

[-] [email protected] 1 points 4 months ago* (last edited 4 months ago)

Any encryption worth being called that randomises itself such that the same file, encrypted twice with the same key, produces completely different ecrypted versions.

To put it another way, if similarities in files could be detected despite their encryption, then the encryption would be worthless.

https://en.m.wikipedia.org/wiki/Ciphertext_indistinguishability

[-] [email protected] 1 points 4 months ago

check out PicoCrypt

this post was submitted on 13 May 2024

21 points (100.0% liked)

Privacy

31306 readers

1192 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]