From owner-freebsd-security Sun May 16 17:58:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from tasam.com (tasam.com [206.161.83.22]) by hub.freebsd.org (Postfix) with ESMTP id DCE5D14BED for ; Sun, 16 May 1999 17:58:38 -0700 (PDT) (envelope-from freebsd.list@bug.tasam.com) Received: from bug (bug.tasam.com [206.161.113.114]) by tasam.com (8.9.3/8.9.1) with SMTP id UAA15848; Sun, 16 May 1999 20:58:25 -0400 (EDT) Message-ID: <008101bea000$637a5bc0$7271a1ce@tasam.com> From: "Joe Gleason" To: "Nicholas Merrill" Cc: , References: Subject: Re: secure backup Date: Sun, 16 May 1999 20:58:30 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org But that wouldn't be nearly as much fun! ----- Original Message ----- From: Nicholas Merrill To: Joe Gleason Cc: ; Sent: Sunday, May 16, 1999 20:56 Subject: Re: secure backup > > you could try substituting BRU (www.estinc.com) for tar. BRU is much > better at recovering from errors, and does checksums > > -------------------------------------------------------------------- -------- > Nicholas Merrill http://www.calyx.net Voice: 212-966-1900 > President / CEO http://www.calyx.nl Fax : 212-966-3965 > Calyx Internet Access 13 Laight St. NYC, NY 10013 Email: nick@calyx.net > -------------------------------------------------------------------- -------- > > On Sun, 16 May 1999, Joe Gleason wrote: > > > I backup my workstation via piping a tar output through pgp. I never > > throught about the data error possiblity. It would be inclined to let > > tcp handle it. > > > > If that doesn't meet your needs, you could setup something completely > > insane with shell scripting. (My answer to every problem). > > > > The script could do something like this, > > on the machine with the files to backup (I'll call it A) > > > > it will run a find, and do a for loop on the output of that find. For > > each of these files, it will pgp the file and send it to B (system > > receiving backup) > > > > The sending can go something like this, A connects to B on port x and > > sends the filename that it is about to send. Then A connects to B on > > port y and sends the data. B saves the file that is receives on y as > > the name is was given on x and then adds this file to a tarball. > > > > This connection from A to B can be done via faucet and hose. > > > > This way, the final product will be a tarball on B that has each file > > encrypted and separate. > > > > There would be alot of security issues in making sure that A cannot be > > spoofed to send odd things to B to compromise it via ports x and y, > > but that could be handled with setting the remote host in faucet, > > maybe ipfw and general sanity checks on anything comming into B. > > > > My ramblings for the day. > > > > Joe Gleason > > Tasam > > > > ----- Original Message ----- > > From: > > To: > > Sent: Sunday, May 16, 1999 20:14 > > Subject: secure backup > > > > > > > Can anyone recommend how I should go about creating a backup to an > > untrusted > > > machine that has the tape drive, and using an untrusted network. > > > > > > I'm a bit wary of encrypting the output of tar or dump, as a single > > byte error > > > would make the rest of the backup useless. I'd like to encrypt > > (pgp?) each > > > file separately as I go, so that a corrupted byte affects only one > > file on > > > retrieval. Is there an existing way to do this, or should I hack > > tar or dump > > > into doing it? > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message