From owner-freebsd-security Sun May 16 17:55:18 1999
Message-ID: <006b01be9fff$ee9176e0$7271a1ce@tasam.com>
From: "Joe Gleason"
References: <199905170014.MAA18766@smtp1.ihug.co.nz>
Subject: Re: secure backup
Date: Sun, 16 May 1999 20:55:08 -0400
Sender: owner-freebsd-security@FreeBSD.ORG

I back up my workstation via piping a tar output through pgp. I never thought about the data error possibility. I would be inclined to let tcp handle it. If that doesn't meet your needs, you could set up something completely insane with shell scripting. (My answer to every problem).

The script could do something like this: on the machine with the files to back up (I'll call it A) it will run a find, and do a for loop on the output of that find. For each of these files, it will pgp the file and send it to B (system receiving backup).

The sending can go something like this: A connects to B on port x and sends the filename that it is about to send. Then A connects to B on port y and sends the data. B saves the file that it receives on y as the name it was given on x and then adds this file to a tarball. This connection from A to B can be done via faucet and hose. This way, the final product will be a tarball on B that has each file encrypted and separate.

There would be a lot of security issues in making sure that A cannot be spoofed to send odd things to B to compromise it via ports x and y, but that could be handled with setting the remote host in faucet, maybe ipfw and general sanity checks on anything coming into B.

My ramblings for the day.

Joe Gleason
Tasam

----- Original Message -----
From:
To:
Sent: Sunday, May 16, 1999 20:14
Subject: secure backup

> Can anyone recommend how I should go about creating a backup to an untrusted
> machine that has the tape drive, and using an untrusted network.
>
> I'm a bit wary of encrypting the output of tar or dump, as a single byte error
> would make the rest of the backup useless. I'd like to encrypt (pgp?) each
> file separately as I go, so that a corrupted byte affects only one file on
> retrieval. Is there an existing way to do this, or should I hack tar or dump
> into doing it?
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
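
The "general sanity checks on anything coming into B" from the reply above, as an added example that is not part of the original message: B validates each name announced by A before storing the already-encrypted data as its own tar member. The names `sanitize_member_name`, `receive_all`, `MAX_NAME` and the `.pgp` suffix are assumptions, and the faucet/hose transport is replaced by constructed (name, ciphertext) pairs.

```python
import io
import tarfile

MAX_NAME = 1024  # assumed upper bound on an announced path length

def sanitize_member_name(raw: bytes) -> str:
    """Turn the name A announced on port x into a safe relative member name."""
    name = raw.decode("utf-8")  # UnicodeDecodeError is a subclass of ValueError
    if not name or len(name) > MAX_NAME:
        raise ValueError("empty or oversized name")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise ValueError("control character in name")
    if name.startswith("/"):
        raise ValueError("absolute path")
    # Drop the "./" prefix that find prints, and any doubled slashes.
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("path escapes the backup root")
    return "/".join(parts)


def receive_all(archive_path, transfers):
    """Append each accepted (announced_name, ciphertext) pair to the tarball.

    B never creates a file under a name chosen by A; it only writes tar
    members. Returns (stored_member_names, rejected_announced_names).
    """
    stored, rejected = [], []
    with tarfile.open(archive_path, "a") as tar:  # "a" creates the file if missing
        for raw_name, ciphertext in transfers:
            try:
                member = sanitize_member_name(raw_name) + ".pgp"
            except ValueError:
                rejected.append(raw_name)
                continue
            info = tarfile.TarInfo(member)
            info.size, info.mode = len(ciphertext), 0o600
            tar.addfile(info, io.BytesIO(ciphertext))
            stored.append(member)
    return stored, rejected


# Constructed sample input: names as A might announce them, opaque bodies.
SAMPLE = [
    (b"./home/joe/notes.txt", b"constructed-ciphertext-1"),
    (b"../../etc/passwd", b"x"),
    (b"/etc/master.passwd", b"x"),
    (b"mail/inbox\nrc", b"x"),
    (b"src//main.c", b"constructed-ciphertext-2"),
]
if __name__ == "__main__":
    import os, tempfile
    print(receive_all(os.path.join(tempfile.mkdtemp(), "backup.tar"), SAMPLE))
```

Because every file is a separate member holding its own ciphertext, a damaged member costs only that file on retrieval, which is the property the original question asked for.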