From owner-freebsd-questions@FreeBSD.ORG Tue May 26 14:31:30 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 21C1B1065679 for ; Tue, 26 May 2009 14:31:30 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id E88278FC1F for ; Tue, 26 May 2009 14:31:29 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id A3A13346A55; Tue, 26 May 2009 10:31:28 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute1.internal (MEProxy); Tue, 26 May 2009 10:31:28 -0400 X-Sasl-enc: pxMPk3yEskp6tExy1OSCxOzAZarsFMmxgJj1oZM7kApk 1243348288 Received: from hagrid.ewd.goldmark.org (n114.ewd.goldmark.org [72.64.118.114]) by mail.messagingengine.com (Postfix) with ESMTPSA id 07E93AD9D; Tue, 26 May 2009 10:31:27 -0400 (EDT) Message-Id: <43F89C0B-370E-4E29-9214-E447768C97A3@goldmark.org> From: Jeffrey Goldberg To: Roland Smith In-Reply-To: <20090525190039.GA39139@slackbox.xs4all.nl> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Date: Tue, 26 May 2009 09:31:25 -0500 References: <26face530905242257m7030933cy4a1171de7a06ee59@mail.gmail.com> <20090525190039.GA39139@slackbox.xs4all.nl> X-Mailer: Apple Mail (2.935.3) Cc: Kelly Jones , freebsd-questions@freebsd.org Subject: Re: Secure unsalted or fixed salt symmetric encryption? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 May 2009 14:31:30 -0000 On May 25, 2009, at 2:00 PM, Roland Smith wrote: > You could use the -S option and specify a constant salt. It might make > the encrypted materials easier to break, though. You can generate a > random salt with openssl as well: > Or you can use the -nosalt option. But as explained in > [http://www.openssl.org/docs/apps/enc.html], using a random salt by > default is a design decision because: "Without the -salt option it is > possible to perform efficient dictionary attacks on the password". > That > doesn't sound good, does it? This is being used for file encryption, not password encryption. So a dictionary attack isn't all that likely unless the encrypted files are of a specific nature (known template which remains constant while only small parts of the file vary). Note that without salt (or with constant salt) an attacker would know which files are identical both within a snapshot or across them. But this is pretty much what the OP wants the back-up system to know, so I guess that would be okay. > If you are using a (e.g. USB connected) disk as backup, use geli(8) > to encrypt > the whole disk instead of encrypting each file separately. The OP may be doing something like rsync over an insecure network. But in the absence of details about the OPs situation it's hard to make solid recommendations. As you suggest, encrypting the resulting back-up filesystem is probably the the best option if the back-up filesystem is exacted to be the target of attack. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/