Date: Sun, 16 May 1999 20:56:58 -0400 (EDT)
From: Nicholas Merrill
To: Joe Gleason
Cc: nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG
Subject: Re: secure backup

You could try substituting BRU (www.estinc.com) for tar. BRU is much
better at recovering from errors, and does checksums.

----------------------------------------------------------------------------
Nicholas Merrill         http://www.calyx.net   Voice: 212-966-1900
President / CEO          http://www.calyx.nl    Fax  : 212-966-3965
Calyx Internet Access    13 Laight St. NYC, NY 10013
Email: nick@calyx.net
----------------------------------------------------------------------------

On Sun, 16 May 1999, Joe Gleason wrote:

> I back up my workstation via piping a tar output through pgp. I never
> thought about the data error possibility. I would be inclined to let
> tcp handle it.
>
> If that doesn't meet your needs, you could set up something completely
> insane with shell scripting. (My answer to every problem).
>
> The script could do something like this,
> on the machine with the files to backup (I'll call it A)
>
> it will run a find, and do a for loop on the output of that find. For
> each of these files, it will pgp the file and send it to B (system
> receiving backup)
>
> The sending can go something like this, A connects to B on port x and
> sends the filename that it is about to send. Then A connects to B on
> port y and sends the data. B saves the file that it receives on y as
> the name it was given on x and then adds this file to a tarball.
>
> This connection from A to B can be done via faucet and hose.
>
> This way, the final product will be a tarball on B that has each file
> encrypted and separate.
>
> There would be a lot of security issues in making sure that A cannot be
> spoofed to send odd things to B to compromise it via ports x and y,
> but that could be handled with setting the remote host in faucet,
> maybe ipfw and general sanity checks on anything coming into B.
>
> My ramblings for the day.
>
> Joe Gleason
> Tasam
>
> ----- Original Message -----
> From:
> To:
> Sent: Sunday, May 16, 1999 20:14
> Subject: secure backup
>
> > Can anyone recommend how I should go about creating a backup to an
> > untrusted machine that has the tape drive, and using an untrusted
> > network.
> >
> > I'm a bit wary of encrypting the output of tar or dump, as a single
> > byte error would make the rest of the backup useless. I'd like to
> > encrypt (pgp?) each file separately as I go, so that a corrupted byte
> > affects only one file on retrieval. Is there an existing way to do
> > this, or should I hack tar or dump into doing it?
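
The per-file layout discussed in this thread (one separately encrypted file per tarball member), as an added example that is not code from any of the posters: each member carries its own keyed checksum, so a one-byte error on the untrusted machine or tape is detected and confined to a single file. Assumptions: the blobs are already encrypted per file (pgp in the thread), HMAC-SHA256 stands in for the checksum, and all function names, file names and the key are constructed for illustration.

```python
import hashlib, hmac, io, tarfile

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def _tag(key: bytes, name: str, blob: bytes) -> bytes:
    # Bind the tag to the member name so B cannot swap or rename members.
    return hmac.new(key, name.encode() + b"\0" + blob, hashlib.sha256).digest()

def build_archive(key: bytes, files: dict) -> bytes:
    """One tar member per file; blobs are assumed already encrypted per file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:  # uncompressed on purpose
        for name, blob in sorted(files.items()):
            data = _tag(key, name, blob) + blob
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def verify_archive(key: bytes, archive: bytes):
    """Return (good, bad): intact blobs by name, and names that failed the check."""
    good, bad = {}, []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        for info in tar:
            data = tar.extractfile(info).read()
            tag, blob = data[:TAG_LEN], data[TAG_LEN:]
            if hmac.compare_digest(tag, _tag(key, info.name, blob)):
                good[info.name] = blob
            else:
                bad.append(info.name)
    return good, bad

def flip_byte(archive: bytes, marker: bytes) -> bytes:
    """Simulate a one-byte media error inside the member containing marker."""
    i = archive.index(marker)
    return archive[:i] + bytes([archive[i] ^ 0x01]) + archive[i + 1:]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; held only on machine A
    files = {  # constructed stand-ins for per-file pgp output
        "etc/rc.conf.pgp": b"CIPHERTEXT-ONE",
        "home/notes.pgp": b"CIPHERTEXT-TWO",
        "var/db/pkg.pgp": b"CIPHERTEXT-THREE",
    }
    damaged = flip_byte(build_archive(key, files), b"CIPHERTEXT-TWO")
    good, bad = verify_archive(key, damaged)
    print("recovered:", sorted(good), "damaged:", bad)
```

The archive is left uncompressed because compressing the whole tarball would reintroduce the single-stream failure mode the original question is trying to avoid.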