Show HN: Arc – secure file archiver

This is the first that I&#x27;ve heard of ChaCha for encryption (<a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Salsa20#ChaCha_variant" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Salsa20#ChaCha_variant</a>).<p>Apparently it&#x27;s a standard that Google is pushing to replace RC4 and already is using for HTTPS between google.com and Android.<p>If arc catches on I&#x27;m curious if it could support inline operations. E.g. on a 100gb+ archive can I read the tar index without decrypting the entire archive first, can I extract a single file? The ChaCha algorithm is a <i>streaming cipher</i>, which as I understand suggests that I cannot do operations like that.<p>Even worse now that I&#x27;m thinking about this, if my archive has a bit error early in the file does that mean the entire archive cannot be decrypted. Maybe for long term storage I&#x27;m better off physically securing my archives than encrypting them to avoid bit rot ruining everything.

Cool! I usually use gpg-zip for this purpose on machines where I have gpg installed.<p><pre><code> gpg-zip --symmetric --gpg-args --cipher-algo=AES256 --output backup.tar.gpg file1 file2 file3</code></pre>

This seems counter to the &quot;unix philosophy&quot;. I would expect to use an archiving tool piped into an encryption tool. I&#x27;m not sure of the utility of something that combines the two.

Can anyone tell me what advantage tgz has over zip? I usually curse when I have to use it, because it lacks indexes and is pretty much only good for archival tapes, if that. I wish we&#x27;d all move to a more modern format, like zip or 7zip.

It&#x27;s not clear from the README ... is this a client&#x2F;server app, wherein I need to have &#x27;arc&#x27; living on the server side ?<p>Or can I just point arc to SSH&#x2F;SFTP and the server can be &quot;dumb&quot; ?

The name arc has namespace collision problems. Not in software in general (I never complained about somebody calling their language elm - that&#x27;s Cantrill&#x27;s job), but in archivers in particular. Arc was the format that directly preceded zip, pkzip being the program that pk started selling after it was discovered that pkarc&#x27;s source code was copied verbatim from the source for the original arc utility.

Can the author compare and contrast to &#x27;borg&#x27; which, it appears, has become the de facto standard for this kind of work ?

Why use this over tarsnap&#x27;s client (which is also free software and has features like local deduplication).

Just a couple of commits from one contributor. I&#x27;ll keep an eye on it; hope it gets more traction.

What HMAC is used to verify the contents of the archive before decryption takes place?

Seems like it would be more unix-like to just pipe tar into gpg.