From owner-freebsd-security Wed May 3 8:33:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from kobayashi.uits.iupui.edu (kobayashi.uits.iupui.edu [134.68.11.80]) by hub.freebsd.org (Postfix) with ESMTP id 0D5E637B631 for ; Wed, 3 May 2000 08:33:36 -0700 (PDT) (envelope-from ajk@iu.edu) Received: from localhost (ajk@localhost) by kobayashi.uits.iupui.edu (8.9.3/8.9.3) with ESMTP id KAA22019 for ; Wed, 3 May 2000 10:33:32 -0500 (EST) (envelope-from ajk@iu.edu) Date: Wed, 3 May 2000 10:33:32 -0500 (EST) From: "Andrew J. Korty" X-Sender: ajk@kobayashi.uits.iupui.edu To: security@freebsd.org Subject: Cryptographic dump(8) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've just extended dump(8) and restore(8) to encipher dump lists and inode data with CBC 3DES, leaving the headers as cleartext. Keys can be entered from the tty or a cleartext file. The purpose is to safely transport and store dumps containing sensitive data. The question: what is the best way to verify a key handed to restore(8) to decipher a dump? My best thought so far is to store a checksum for the dumplist, which is just a bitmap of inodes on the tape, in its header. When restore tries to decipher the dumplist it will run its own checksum and compare. -- Andrew J. Korty, Lead Security Engineer Office of the Vice President for Information Technology Indiana University To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message