[Box Backup] Asymmetric vs symmetric encryption

Greg Bolshaw boxbackup@fluffy.co.uk
Fri, 30 May 2008 13:08:03 +0100


Dear list

It seems that a limitation exists in Box Backup in that the whole  
system relies on the safe storage of the certificate file. If this is  
lost, the backups are rendered useless.

Would it be possible to offer symmetric encryption as an alternative?  
This would work in a similar way to GPG's -c option:

> -c, --symmetric [file]
> Encrypt with a symmetric cipher using a passphrase. The default
> symmetric cipher used is CAST5, but may be chosen with the
> --cipher-algo option. This option may be combined with --sign (for a
> signed and symmetrically encrypted message), --encrypt (for a message
> that may be decrypted via a secret key or a passphrase), or --sign and
> --encrypt together (for a signed message that may be decrypted via a
> secret key or a passphrase).


A secret passphrase would be used to encrypt/decrypt the backup data  
rather than a certificate. This would just leave the issue of how to  
authenticate bbackupd against bbstored.

Understandably, it would be less secure to protect data using a  
passphrase (which could then be subject to a brute force attack,  
etc.), but in the balance of security and practicality, would this be  
a reasonable compromise? (pun unavoidable!)

Any thoughts on this?

Thanks
Greg
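
[Added example, not part of the original post and not Box Backup or GPG code.] A sketch of the trade-off raised above: the data key is re-derived from a passphrase plus a small non-secret header, so no key file has to be kept safe, and the only barrier to offline guessing is the work factor. PBKDF2-HMAC-SHA256, the header layout, and all function names are assumptions chosen for illustration; GPG's -c uses its own string-to-key scheme.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the client hardware


def derive_key(passphrase, salt, iterations):
    """Stretch the passphrase into a 256-bit data key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=32)


def _check_value(key):
    # Key-check value: lets a restore reject a wrong passphrase early.
    # It also gives anyone holding the header an offline guess oracle,
    # which is the brute-force exposure mentioned in the post.
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def new_header(passphrase, iterations=ITERATIONS):
    """Build the non-secret header that would be stored with the backups."""
    salt = os.urandom(16)  # random per store, so precomputed tables do not apply
    key = derive_key(passphrase, salt, iterations)
    return {"salt": salt, "iterations": iterations, "check": _check_value(key)}


def recover_key(passphrase, header):
    """Re-derive the data key on a fresh machine from passphrase and header."""
    key = derive_key(passphrase, header["salt"], header["iterations"])
    if not hmac.compare_digest(_check_value(key), header["check"]):
        raise ValueError("wrong passphrase")
    return key


def brute_force_years(entropy_bits, guesses_per_second):
    """Average time to guess a passphrase of the given entropy, in years."""
    expected_guesses = 2 ** entropy_bits / 2
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    header = new_header("constructed sample passphrase")
    key = recover_key("constructed sample passphrase", header)
    print("recovered key length:", len(key))
    # The guess rate of 10,000 per second is a constructed figure for illustration.
    for bits in (40, 60, 80):
        print(bits, "bits:", round(brute_force_years(bits, 1e4), 1), "years")
```

With a randomly generated key file the search space is the full key size; with a passphrase it is whatever entropy the user actually chose, which is why the estimate takes entropy as input rather than passphrase length.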