From owner-freebsd-security Mon May 17 6:59:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from weathership.homeport.org (breakwater.homeport.org [216.67.13.2]) by hub.freebsd.org (Postfix) with ESMTP id 4F014152CE for ; Mon, 17 May 1999 06:59:32 -0700 (PDT) (envelope-from adam@weathership.homeport.org) Received: (from adam@localhost) by weathership.homeport.org (8.8.8/8.8.5) id KAA02583; Mon, 17 May 1999 10:12:52 -0400 (EDT) Date: Mon, 17 May 1999 10:12:52 -0400 From: Adam Shostack To: Kris Kennaway Cc: Adam Shostack , nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG Subject: Re: secure backup Message-ID: <19990517101251.A2526@weathership.homeport.org> References: <19990517093143.B2322@weathership.homeport.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.3i In-Reply-To: ; from Kris Kennaway on Mon, May 17, 1999 at 11:09:09PM +0930 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, May 17, 1999 at 11:09:09PM +0930, Kris Kennaway wrote: | On Mon, 17 May 1999, Adam Shostack wrote: | | > If the tape is unreliable, and you lose a few bits of a plaintext | > file, you've lost a few bits. If its a few bits of an encrypted and | > compressed file, you may lose the whole file. | | Yes, but the question is whether tapes do this at all. The normal use of a | backup tape (preserving a perfect copy of everything you send to it) is ruined | if tapes are dropping bits - I don't think you'd see this unless | your hardware was bad, in which case any relatively lightweight | encoding method is likely to be in trouble too. The other way this can happen is over extended (5-10 years) time periods; if you're planning to have your backups have a shelf life of N years, you may want to worry about tape degridation. | The best you could do to guard against this would be to either run your | encrypted data stream through an error-correcting code filter (I | don't know of | any tools which can do this, but it's not hard to write), or break up your | input into blocks and encrypt them separately (or use the DES ECB mode). There are better ways to get error recovery than ECB mode ciphers; CBC will recover from errors with a few blocks of lossage. My concern would be if you lose bits in the message headers, your ability to decrypt may disappear entirely. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message