On 12/11/05, Josef Wolf <jw AT raven.inka DOT de> wrote:
> On Sat, Dec 10, 2005 at 09:12:49AM -0800, Kevin Till wrote:
>
> > I have added a dumptype option, "encrypt".
>
> Great! Thanks for your afford to bring encryption into amanda's core.
>
> I have not taken a close look on it yet.  From the description, I have the
> impression that this solution is based on symmetric encryption.  I don't
> think this is a good idea.  Having the passphrase lying around on all
> your clients[1] is a big weakness, IMHO.  It would be better to encrypt
> with a public key.  The private key and the passprase should be locked
> away to a safe place. They should be needed only for desaster-recovery.
>
> [1] You need client-side encryption if you don't want your data flowing
> unencrypted over the network.

You can use ssh for server/client communication and server side data
encryption.

Paddy
>
> --
> No software patents in Europe -- http://nosoftwarepatents.com
> -- Josef Wolf -- jw AT raven.inka DOT de --
>


--

Amanda documentation: http://wiki.zmanda.com
Amanda forums: http://forums.zmanda.com