Date: Mon, 17 May 1999 22:51:14 +0930 (CST) From: Kris Kennaway <kkennawa@physics.adelaide.edu.au> To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> Cc: Adam Shostack <adam@breakwater.homeport.org>, nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG Subject: Re: secure backup Message-ID: <Pine.OSF.4.10.9905172246480.22357-100000@bragg> In-Reply-To: <373FEC63.D579485D@vangelderen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 17 May 1999, Jeroen C. van Gelderen wrote: > Kris Kennaway wrote: > > > > On Sun, 16 May 1999, Adam Shostack wrote: > > > > > You're worried about errors on the tape, I presume? You could > > > pipe the output of pgp through something that does redundant > > > encoding, such that errors on the tape are recoverable outside > > > the tape. There are some direct tradeoffs that you can find > > > between bloat and recoverability; as you add bits, your odds > > > of being able to reconstruct increase. > > > > Pipe the output of dump or tar or whatever you're using through > > bdes(1). You don't need the overhead of PGP unless you want a > > trusted third party to read the backup without knowing the > > encryption key. > > PGP provides a password based encryption mode, just use that, you will > still benefit from PGPs compression and checksumming facilities. Didn't know that. What cipher does it use? > > Pass the data through three > > rounds of bdes doing an encrypt, decrypt, followed by encrypt (with different > > keys, of course) and you've got yourself 3DES, which bdes doesn't seem to do > > natively. Make the keys random, and stick those in a PGP file if you like. > > If you assume PGP is available, why not just use it? Using bdes(1) in > this setup sounds way more complicated (thus error-prone) to me. There's no /need/ to use PGP in this step - clearly you could do anything you like with the local keys, such as printing them out, or storing them as plaintext (or keeping a constant key used for multiple backups). > > Transport the data stream to the server using ssh -c none (no need for the > > overhead of another encryption layer unless you're really paranoid) > > Just being cautious is enough. Adding a layer of SSH encryption will at > least twarth offline dictionary attacks on the backup passphrase. > Encryption is cheap, why disable it if you don't have to? If you use a random passphrase as in my suggestion then dictionary attacks are worthless and you're only vulnerable to an (expensive) brute force keyspace search. Encrypting the already encrypted stream doesn't buy you anything I can see, except the extra CPU time. But it's not a big deal. Kris > > Cheers, > Jeroen > -- > Jeroen C. van Gelderen - jeroen@vangelderen.org - 0xC33EDFDE > ----- "That suit's sharper than a page of Oscar Wilde witticisms that's been rolled up into a point, sprinkled with lemon juice and jabbed into someone's eye" "Wow, that's sharp!" - Ace Rimmer and the Cat, _Red Dwarf_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.10.9905172246480.22357-100000>