[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Popcon-developers] Drop atime and ctime for privacy reasons possible?



Bill Allombert:
> On Sun, Oct 28, 2012 at 04:25:23PM +0000, adrelanos wrote:
>> Bill Allombert:
>>> On Sat, Oct 27, 2012 at 11:48:45PM +0000, adrelanos wrote:
>>>> Bill Allombert:
>>>>> On Sat, Oct 27, 2012 at 09:55:22AM +0000, adrelanos wrote:
>>>>>> Paul Wise:
>>>>>>> On Fri, Oct 26, 2012 at 6:37 PM, adrelanos wrote:
>>>>>>> 
>>>>>>>> for privacy reasons.
>>>>>>> 
>>>>>>> In addition, it would be great to see popcon.d.o switch
>>>>>>> to SSL to
>>>> add privacy.
>>>>> 
>>>>> I would rather use gpg.
>>>> 
>>>> gpg is fine.
>>> 
>>> Could you do some benchmark ? - Generate a popcon report on a
>>> system with a large number of packages
>> installed,
>>> - Encrypt it with gpg --armor with some public key. - Then
>>> decrypt it 1000 times with the matching private key. - Compute
>>> time. - Retry with a different keylength or algorithm.
>>> 
>>> Cheers,
>> 
>> ~100 KiB popcon file encrypted with 4096/4096 gpg key.
> 
> What does mean 4096/4096 ? RSA 4096 ? What symmetric encryption
> scheme is used?

RSA 4096 asymmetric encryption.

>> 100 times decrypted took 16 seconds inside a rather slow single
>> core virtual machine.
> 
> popcon has to process at least 20000 report by day, so this means a
> time closes to 1h, which is about the current time it takes, which
> is probably acceptable.
> 
>> Test script: https://github.com/adrelanos/popcon-benchmark
> 
> Thanks for your work!
> 
> Cheers,




Reply to: