On Wed, Feb 22, 2006 at 03:34:44PM -0800, Kevin Till wrote:
> >- What is the point to uuencode and encrypt (with gpg) random data to
> > generate the key? Since the passphrase is stored on the same host,
> > protecting the key with the passprase is not of much use (IMHO).
>
> It illustrates the method of using multi-key which a strong point of
> aespipe.
OK, I see. "multi-key" was the magic word that (after some googling)
made me understand what's going on here. AFAICS, multi-keys can prevent
watermark-attacks? Are there more advantages to them?
> And it's a symmetric encryption and to facilitate automatic
> backup, the passphrase has to be stored somewhere.
This is (one) of the reasons why I'd prefer a pubkey method: You don't
have the passphrase lying around on a networked box.
> >- Why using aespipe at all? Is there any reason not to use gpg?
> > AFAICS, aespipe introduces only an additinal layer of complexity.
> Amanda users have used aespipe in the past, so it's there.
Hmmm, AFAIK is aespipe part of loop-aes and loop-aes is deprecated
because the kernel developers want to switch to devmapper. Please
correct me and clarify if I'm wrong.
> I believe aespipe gives better performance since gpg is doing more
> than just encryption.
AFAIK, gpg does compression in addition to encryption. But then you need
to compare gzip+aespipe against gpg. Or did you mean something different?
> >- Since the server says whether/which encryption is to be used, the
> > server can request unencrypted backups from the client. This
> > implies that the server has to be trusted.
>
> Use "auth ssh/krb4/krb5" to enable transport encryption.
I am not about transport encryption here. I am about not trusting the
amanda server.
Thanks for the explanations, Kevin!
|