Bacula-users

Re: [Bacula-users] Strange issue with backup size

2013-04-08 07:23:05
Subject: Re: [Bacula-users] Strange issue with backup size
From: Radosław Korzeniewski <radoslaw AT korzeniewski DOT net>
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Date: Mon, 8 Apr 2013 13:18:41 +0200
Hello,

2013/4/7 Adrian Reyer <bacula-lists AT lihas DOT de>
On Sun, Apr 07, 2013 at 09:03:34PM +0200, Radosław Korzeniewski wrote:
> I think it is not possible to properly handle encrypted sparse data blocks
> without compromising security. The main data block size is 64kB long, so
> encrypted block should be more than 64kB long. Now, if we have a sparse
> block then its size is tens of bytes instead of 64kB, so encrypted block
> will be tens of bytes too, not 64kB. So, if we have an encryption
> stream with a number of 64kB blocks (block boundary information is
> available on volume) and suddenly we get a short block then for sure
> it will be a sparse block (I'm sure sparse block has its own stream
> number), then we can predict content. It is not good for security if we can
> predict original content. Think about it.

I am no mathematician but I don't really see how sparse blocks compromise
security in a real way. All an attacker knows is that a file that claims
to be 10G is only 10M,

It is not a problem with file size. It is a problem with encryption of known content. Known plaintext attack: http://en.wikipedia.org/wiki/Known-plaintext_attack. I'm not a security specialist either, so I can't confirm or deny we can use this attack against the Bacula Encryption functionality, but avoiding this kind of situation is a good practice.

If I'm wrong then functionality change is very simple and could be implemented in Bacula in a few minutes.

best regards
--
Radosław Korzeniewski
radoslaw AT korzeniewski DOT net
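
The length side channel discussed in this thread, as an added example (not part of the original message and not Bacula code): it models a volume of per-block encrypted records and shows what record lengths alone reveal when all-zero blocks are stored as short records. The record layout, the `SPARSE` marker, the 16-byte nonce, the `SHORT` cut-off and the SHA-256 keystream are assumptions standing in for the real stream format and cipher.

```python
import hashlib
import os

BLOCK = 64 * 1024  # data block size named in the thread
SHORT = 64         # assumed cut-off for a "tens of bytes" record

def encrypt(key, body):
    """Stand-in stream cipher (SHA-256 counter keystream), not Bacula's cipher."""
    nonce = os.urandom(16)
    out = bytearray()
    for i in range(0, len(body), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(body[i:i + 32], pad))
    return nonce + bytes(out)

def write_records(data, key, sparse):
    """Encrypt data block by block; with sparse=True an all-zero block is
    replaced by a short marker record (assumed layout) before encryption."""
    records = []
    for off in range(0, len(data), BLOCK):
        block = data[off:off + BLOCK]
        if sparse and not any(block):
            block = b"SPARSE" + off.to_bytes(8, "big")
        records.append(encrypt(key, block))
    return records

def guess_sparse(records):
    """Indexes an observer of the volume can mark as all-zero plaintext,
    using record lengths only (no key)."""
    return [i for i, r in enumerate(records) if len(r) <= SHORT]

def sample_file():
    """Constructed input: 2 data blocks, 3 zero blocks, 1 data block."""
    filler = bytes(range(1, 256)) * 258  # 65790 non-zero bytes
    return filler[:BLOCK] * 2 + bytes(3 * BLOCK) + filler[:BLOCK]

if __name__ == "__main__":
    key = os.urandom(32)
    for sparse in (True, False):
        recs = write_records(sample_file(), key, sparse)
        print(f"sparse={sparse}: {sum(map(len, recs))} bytes on volume, "
              f"blocks identified as zeros: {guess_sparse(recs)}")
```

With `sparse=False` every record has the same length, so the zero blocks can no longer be picked out, at the price of storing them at full size.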