Date: Mon, 17 May 1999 23:33:34 +0930 (CST)
From: Kris Kennaway
To: "Jeroen C. van Gelderen"
Cc: Adam Shostack, nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG
Subject: Re: secure backup
In-Reply-To: <37401CDF.CEFA8B53@vangelderen.org>

On Mon, 17 May 1999, Jeroen C. van Gelderen wrote:

> This feature has been available since PGP's early days. It uses PGP's
> default symmetric cipher.

Which is what? I don't have PGP handy here..

> > > If you assume PGP is available, why not just use it? Using bdes(1) in
> > > this setup sounds way more complicated (thus error-prone) to me.
> >
> > There's no /need/ to use PGP in this step - clearly you could do anything you
> > like with the local keys, such as printing them out, or storing them as
> > plaintext (or keeping a constant key used for multiple backups).
>
> I realize that. But using bdes(1) when you have PGP available is not a
> very good idea. Using bdes(1) actually never is a good idea because of
> its crappy key handling (no hashing). bdes(1) allows you to shoot
> yourself in the foot without you realizing it.

Can you elaborate on this? Apart from the fact that bdes expects keys to be
given on the command line for non-interactive use (and not taken from a file,
which should be an easy hack to make), what's wrong with it?

> > If you use a random passphrase as in my suggestion then dictionary attacks are
> > worthless and you're only vulnerable to an (expensive) brute force keyspace
> > search. Encrypting the already encrypted stream doesn't buy you anything I can
> > see, except the extra CPU time. But it's not a big deal.
>
> Uhm, a dose of reality here: how many people will pick random
> passphrases of sufficient length? There is almost never reason to
> disable SSH encryption.

Yes, but the original problem related to a non-interactive tape backup. There
is no reason to have the encryption key as a human-memorable phrase; on the
contrary it's much better to make it a machine-generated random string of
sufficient length.

Kris

-----
"That suit's sharper than a page of Oscar Wilde witticisms that's been rolled
up into a point, sprinkled with lemon juice and jabbed into someone's eye"
"Wow, that's sharp!" - Ace Rimmer and the Cat, _Red Dwarf_
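
Editor's added example (not part of the original message, and not bdes or PGP code): a Python sketch of the two points argued in this thread, typed keys used without hashing versus a machine-generated key for a non-interactive backup. The function names, the sample passphrases, and the model that only the first 8 typed characters become the DES key are assumptions made for illustration.

```python
import hashlib
import math
import os
import secrets

KEY_BYTES = 8  # DES key size: 8 bytes, 56 effective bits


def unhashed_key(passphrase: str) -> bytes:
    """Model of 'no hashing': typed characters become the key bytes directly.

    Assumption for illustration: only the first 8 characters are used.
    """
    return passphrase.encode("ascii")[:KEY_BYTES].ljust(KEY_BYTES, b"\0")


def hashed_key(passphrase: str) -> bytes:
    """With hashing, every character of the passphrase influences the key."""
    return hashlib.sha256(passphrase.encode("ascii")).digest()[:KEY_BYTES]


def typed_key_bits(alphabet_size: int, chars: int = KEY_BYTES) -> float:
    """Upper bound on the entropy of a key typed from a limited alphabet."""
    return min(chars * math.log2(alphabet_size), 56.0)


def write_random_key(path: str, nbytes: int = 32) -> str:
    """Machine-generated key for a non-interactive job, stored owner-only."""
    key_hex = secrets.token_hex(nbytes)
    # O_EXCL refuses to overwrite an existing key file; 0o600 = owner read/write.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key_hex + "\n")
    return key_hex


if __name__ == "__main__":
    a, b = "correct horse battery", "correct elephant"  # constructed samples
    print("unhashed keys equal:", unhashed_key(a) == unhashed_key(b))
    print("hashed keys equal:  ", hashed_key(a) == hashed_key(b))
    print("8 lowercase letters:", round(typed_key_bits(26), 1), "bits of 56")
    print("8 printable ASCII:  ", round(typed_key_bits(95), 1), "bits of 56")
```

Hashing only makes the whole passphrase count; it does not stop a dictionary search over guessable phrases, which is why the random key file is the better fit for an unattended backup.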