## Winner of the 1517 Grantee Award at Hacklahoma 2020 How To Use In order to compile psync, simply execute the following in the command terminal: gcc psync.c acl.c acl.h -o psync.o -lsodium NOTE: You must have the libsodium library installed in your computer's source files and library dependencies directories. If you are using ArchLinux, then just run the following in terminal: sudo pacman -S libsodium Execution ./psync.o src dest The following is straight from my DevPost Submission for Hacklahoma 2020, with updated information ;): Inspiration I was disappointed with AES-256, since it does not defend against timing side-channel attacks. I was inspired by xchacha20-poly1305 cipher and the rsync command. That, and xchacha20-poly1305 is actually faster than AES. Secure deletion of backup files is not an option. It is completely impossible to gurantee that a file stored in an SSD or HDD has definitely been wiped. So I decided to store encrypted backups in drives from the very beginning to ensure that sensitive data cannot be compromised, even if previous versions of the file's or directory's history are stored in the hard drive's journaling filesystem. The Ext* filesystems are especially famous for automatically keeping version histories of files. I decided to create this so I can make encrypted backups of my entire root directory. There are several benefits to doing this, including that you can transfer between: 1. Different hard drive space used between the backup and restoration drives 2. Different partition tales used between the backup and restoration drives 3. Different filesystems used between the backup and restoration drives 4. You do not need to perform full-disk encryption on your backup hard drive. Backing up and restoring on a portable drive protected by full-disk encryption is difficult. If you actually perform full system backups by simply backing up the root directory, then you will use up far less disk space than what you would use if you were cloning the entire filesystem of your device. You also have more control over the following between the backup and restoration directories: 1. File Permissions (think chmod permissions) 2. Attributes ( all information in the Access Control List ). Even for extended attributes. What It Does It makes an encrypted copy of a directory, effectively serving as an encrypted backup tool. How I Built It Using the libsodium library written in the C programming language Challenges I Ran Into Dealing with file permissions and ownership permissions of files and directories. Accomplishments That I'm Proud Of I learned how to recursively delete only the files in the destination directory that do not exist in the source directory. This helps update the backup directory. This is what the famous "rsync --delete" command does. My project is designed to do what rsync does AND automatically encrypt/decrypt your backups using the very strong xchacha20-poly1305 cipher on your behalf. What I learned I learned many of the library functions used for encryption, decryption, and password hashing from the libsodium library. I also learned how the rsync command smartly copies files and directories. Perhaps the most significant discovery is that libsodium actually offers an even more public-private key cryptography system than RSA-RSA: crypto_box(). I will add support for this in the prm project. What's next for prm Add an option for using a public-private key crytography authentication for encrypting backups in addition to using a password. Ensure prm can read and tell the latest modification date/time of a file. This will allow prm to skip files that are already up to date. I actually intend to submit this project as both ArchLinux and Gentoo packages. This project was made on an ArchLinux laptop, although I am in the process of migrating to the Gentoo Linux operating system. I intend people to use this simple program to make encrypted backups of their entire root directory. Moreover, libsodium even has functions for storing password hashes (with salt). Currently, linux system merely use SHA512 to store passwords. Which is not great since checksum algorithms like SHA512 are vulnerable to dictionary and GPU cracking attacks like rainbow-table attacks. A better algorithm would be argon2id, which libsodium has a built in function for: crypto_pwhash_str() and crypto_pwhash_str_verify(), which have complete support for argon2id. I intend to make use of these functions to store my login passwords in my linux computer. To do this, the hashes that crypto_pwhash_str() outputs must be printed to a special file in linux called "/etc/shadow". If you have a mac that file instead is called: "/etc/passwd". Having my passwords stored as an argon2id hash is a much, much safer alternative than using SHA-512. Still more, I intend to use the libsodium library to also develop a program that will perform full-disk encryption of an entire computer's hard drive. Protecting its contents from being seen by someone without the owner's permssion. Since true secure-deletion of files is a myth, the best thing we can do is to perform full-disk encryption on the hard drive to prevents its contents from being tampered. It is arguably best to use the public-private key cryptography system libsodium offers: "crypto_box" library suite. Finally, libsodium even has an asymmetric encryption system, similiar to the RSA-RSA private-public key system. Unlike RSA, libsodium's asymmetric encryption is also resistant to timing side-channel attacks. Imagine a hacker hacking into your computer through an SSH login simply by performing this attack. It is my intention to even add support for this asymmetric public-private key system to the GPG suite. This will be done using libsodium's "crypto_box" public-private key cryptography suite. Built With: C