Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 May 2000 10:18:40 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        "Andrew J. Korty" <ajk@iu.edu>
Cc:        security@FreeBSD.ORG
Subject:   Re: Cryptographic dump(8)
Message-ID:  <200005031718.KAA63329@apollo.backplane.com>
References:   <Pine.BSF.4.21.0005031019190.21805-100000@kobayashi.uits.iupui.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 

:I've just extended dump(8) and restore(8) to encipher dump lists
:and inode data with CBC 3DES, leaving the headers as cleartext.  
:Keys can be entered from the tty or a cleartext file.  The
:purpose is to safely transport and store dumps containing
:sensitive data.
:
:The question: what is the best way to verify a key handed to
:restore(8) to decipher a dump?  My best thought so far is to
:store a checksum for the dumplist, which is just a bitmap of
:inodes on the tape, in its header.  When restore tries to
:decipher the dumplist it will run its own checksum and compare.
:
:-- 
:Andrew J. Korty, Lead Security Engineer
:Office of the Vice President for Information Technology
:Indiana University

    Store something like this in the header:

    [random (16 bytes)][MD5 of entire header including random, not including
    the MD5 itself]

    [ .................. entire block is encrypted (entire header, including
    random and MD5)]

    Restore would then decrypt the header using the user-supplied key, then
    MD5 it and compare the MD5 against the decrypted MD5.

    Storing a random sequence in the header that is MD5'd as well as 
    encrypted is very important because otherwise someone trying to break
    the encryption can 'guess' at what the contents of the header was in
    order to try to reverse-engineer the encryption.

    Also, putting a random number in each block is important if each block
    is separately encrypted, for the same reason.

    Using /dev/random to obtain your random numbers is considered to be 
    acceptable.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005031718.KAA63329>