From owner-freebsd-security Mon May 17 6:20:40 1999 Delivered-To: freebsd-security@freebsd.org Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (Postfix) with ESMTP id 0CD701515E for ; Mon, 17 May 1999 06:20:29 -0700 (PDT) (envelope-from kkennawa@physics.adelaide.edu.au) Received: from bragg (bragg [129.127.36.34]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id WAA26306; Mon, 17 May 1999 22:50:28 +0930 (CST) Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA31149; Mon, 17 May 1999 22:51:17 +0930 Date: Mon, 17 May 1999 22:51:14 +0930 (CST) From: Kris Kennaway X-Sender: kkennawa@bragg To: "Jeroen C. van Gelderen" Cc: Adam Shostack , nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG Subject: Re: secure backup In-Reply-To: <373FEC63.D579485D@vangelderen.org> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 17 May 1999, Jeroen C. van Gelderen wrote: > Kris Kennaway wrote: > > > > On Sun, 16 May 1999, Adam Shostack wrote: > > > > > You're worried about errors on the tape, I presume? You could > > > pipe the output of pgp through something that does redundant > > > encoding, such that errors on the tape are recoverable outside > > > the tape. There are some direct tradeoffs that you can find > > > between bloat and recoverability; as you add bits, your odds > > > of being able to reconstruct increase. > > > > Pipe the output of dump or tar or whatever you're using through > > bdes(1). You don't need the overhead of PGP unless you want a > > trusted third party to read the backup without knowing the > > encryption key. > > PGP provides a password based encryption mode, just use that, you will > still benefit from PGPs compression and checksumming facilities. Didn't know that. What cipher does it use? > > Pass the data through three > > rounds of bdes doing an encrypt, decrypt, followed by encrypt (with different > > keys, of course) and you've got yourself 3DES, which bdes doesn't seem to do > > natively. Make the keys random, and stick those in a PGP file if you like. > > If you assume PGP is available, why not just use it? Using bdes(1) in > this setup sounds way more complicated (thus error-prone) to me. There's no /need/ to use PGP in this step - clearly you could do anything you like with the local keys, such as printing them out, or storing them as plaintext (or keeping a constant key used for multiple backups). > > Transport the data stream to the server using ssh -c none (no need for the > > overhead of another encryption layer unless you're really paranoid) > > Just being cautious is enough. Adding a layer of SSH encryption will at > least twarth offline dictionary attacks on the backup passphrase. > Encryption is cheap, why disable it if you don't have to? If you use a random passphrase as in my suggestion then dictionary attacks are worthless and you're only vulnerable to an (expensive) brute force keyspace search. Encrypting the already encrypted stream doesn't buy you anything I can see, except the extra CPU time. But it's not a big deal. Kris > > Cheers, > Jeroen > -- > Jeroen C. van Gelderen - jeroen@vangelderen.org - 0xC33EDFDE > ----- "That suit's sharper than a page of Oscar Wilde witticisms that's been rolled up into a point, sprinkled with lemon juice and jabbed into someone's eye" "Wow, that's sharp!" - Ace Rimmer and the Cat, _Red Dwarf_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message