Date: Sun, 16 May 1999 20:56:58 -0400 (EDT) From: Nicholas Merrill <lists@mojo.calyx.net> To: Joe Gleason <freebsd.list@bug.tasam.com> Cc: nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG Subject: Re: secure backup Message-ID: <Pine.BSF.4.05.9905162056090.24854-100000@mojo.calyx.net> In-Reply-To: <006b01be9fff$ee9176e0$7271a1ce@tasam.com>
next in thread | previous in thread | raw e-mail | index | archive | help
you could try substituting BRU (www.estinc.com) for tar. BRU is much better at recovering from errors, and does checksums ---------------------------------------------------------------------------- Nicholas Merrill http://www.calyx.net Voice: 212-966-1900 President / CEO http://www.calyx.nl Fax : 212-966-3965 Calyx Internet Access 13 Laight St. NYC, NY 10013 Email: nick@calyx.net ---------------------------------------------------------------------------- On Sun, 16 May 1999, Joe Gleason wrote: > I backup my workstation via piping a tar output through pgp. I never > throught about the data error possiblity. It would be inclined to let > tcp handle it. > > If that doesn't meet your needs, you could setup something completely > insane with shell scripting. (My answer to every problem). > > The script could do something like this, > on the machine with the files to backup (I'll call it A) > > it will run a find, and do a for loop on the output of that find. For > each of these files, it will pgp the file and send it to B (system > receiving backup) > > The sending can go something like this, A connects to B on port x and > sends the filename that it is about to send. Then A connects to B on > port y and sends the data. B saves the file that is receives on y as > the name is was given on x and then adds this file to a tarball. > > This connection from A to B can be done via faucet and hose. > > This way, the final product will be a tarball on B that has each file > encrypted and separate. > > There would be alot of security issues in making sure that A cannot be > spoofed to send odd things to B to compromise it via ports x and y, > but that could be handled with setting the remote host in faucet, > maybe ipfw and general sanity checks on anything comming into B. > > My ramblings for the day. > > Joe Gleason > Tasam > > ----- Original Message ----- > From: <nr1@ihug.co.nz> > To: <freebsd-security@FreeBSD.ORG> > Sent: Sunday, May 16, 1999 20:14 > Subject: secure backup > > > > Can anyone recommend how I should go about creating a backup to an > untrusted > > machine that has the tape drive, and using an untrusted network. > > > > I'm a bit wary of encrypting the output of tar or dump, as a single > byte error > > would make the rest of the backup useless. I'd like to encrypt > (pgp?) each > > file separately as I go, so that a corrupted byte affects only one > file on > > retrieval. Is there an existing way to do this, or should I hack > tar or dump > > into doing it? > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9905162056090.24854-100000>