Networker

[Networker] encryption of bootstrap

2007-12-18 19:20:46
Subject: [Networker] encryption of bootstrap
From: Rick Brode <rick AT BRODETRAINING DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 18 Dec 2007 17:17:01 -0700
A student in class today raised a question about AES encryption that I can't answer. When a directive is configured to perform aes encryption during backup of a NW client, is the bootstrap save set also encrypted? I would think not, since the bootstrap is being backed up from the NW server and not the NW client; t seems like it would also tend to confuse mmrecov if the bootstrap ever was encrypted. If this is the case, it seems that if the volume containing the client's encrypted save sets falls into "evil hands", the unencrypted bootstrap save set could be recovered (assuming it is on the same volume) and the datazone pass phrase used to perform the encryption could be determined from the recovered resources. Thus, the purpose of doing the encryption is thwarted; someone can determine the pass phrase used to perform the encryption and therefore recover any of the data on the volume.

Am I misunderstanding something here?

Thanks,
Rick

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

<Prev in Thread] Current Thread [Next in Thread>