From owner-freebsd-security Tue May 18 15:33:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from aniwa.sky (p22-max8.wlg.ihug.co.nz [209.79.142.214]) by hub.freebsd.org (Postfix) with ESMTP id C0B29154B5 for ; Tue, 18 May 1999 15:33:14 -0700 (PDT) (envelope-from andrew@squiz.co.nz) Received: from aniwa.sky (localhost [127.0.0.1]) by aniwa.sky (8.9.1a/8.9.1) with ESMTP id BAA09208; Wed, 19 May 1999 01:58:19 +1200 (NZST) Message-Id: <199905181358.BAA09208@aniwa.sky> X-Mailer: exmh version 2.0.2 2/24/98 To: Kris Kennaway Cc: Adam Shostack , Adam Shostack , nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG Subject: Re: secure backup In-reply-to: Your message of "Mon, 17 May 1999 23:09:09 +0930." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 19 May 1999 01:58:19 +1200 From: Andrew McNaughton Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: > I was talking about authentication for access to the tape server process > itself (preventing other people from writing onto your tape). You're correct > about PGP - it's probably better to use PGP instead of bdes (or equivalent > symmetric encryption filter) for this reason - verification that your data > stream was read back intact (and assuming perfect retrieval, was stored > intact) when you restore. If the backup is bigger than available space, then the stream would have to be processed twice, once to do the checksum, and then if that passed, a second time to actually restore files. Backups tend to be large, and temporary storage of the received stream is likely not to be an option. No doubt some sort of block checksumming approach could be taken. Andrew McNaughton -- ----------- Andrew McNaughton andrew@squiz.co.nz http://www.newsroom.co.nz/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message