[Box Backup] Asymmetric vs symmetric encryption

Peter Jalajas, GigaLock Backup Services boxbackup@fluffy.co.uk
Fri, 30 May 2008 08:30:11 -0400


Hi Greg,

I don't have the skills to really comment on your idea (although my
gut says that I can't see Box Backup changing to a password model as
you propose), but you raise an important issue.

What we _could_ do is provide a fairly long list of suggested methods
for securely making available the FileEncKeys.raw file (I think that's
the one you mean; as I phrase it to my customers, "Without that file,
you have no backup; with that file, someone else owns your backup.").

Suggestions might include, in no particular order yet:

a. Burning it to CD and putting it into a safe.
b. Strongly encrypting _copies_ of it with GPG (either symmetric or
PKI) and putting those strongly-encrypted copies in several fairly
secure areas, including off-site.
c. Secret-splitting it among trusted colleagues, including off-site.

Something like that.

I personally have a pile of them encrypted into 7z files (I used 7z
for convenient secure distribution to my Windows-based clients; I will
like change that back to GPG for boring reasons we can discuss
separately).
.
Thanks,
Pete

On Fri, May 30, 2008 at 8:08 AM, Greg Bolshaw <greg@bolshaw.me.uk> wrote:
> Dear list
>
> It seems that a limitation exists in Box Backup in that the whole system
> relies on the safe storage of the certificate file. If this is lost, the
> backups are rendered useless.
>
> Would it be possible to offer symmetric encryption as an alternative? This
> would work in a similar way to GPG's -c option:
>
>> -c, --symmetric [file]
>> Encrypt with a symmetric cipher using a passphrase. The default symmetric
>> cipher used is CAST5, but may be chosen with the --cipher-algo option. This
>> option may be combined with --sign (for a signed and symmetrically encrypted
>> message), --encrypt (for a message that may be decrypted via a secret key or
>> a passphrase), or --sign and --encrypt together (for a signed message that
>> may be decrypted via a secret key or a passphrase).
>
>
> A secret passphrase would be used to encrypt/decrypt the backup data rather
> than a certificate. This would just leave the issue of how to authenticate
> bbackupd against bbstored.
>
> Understandably, it would be less secure to protect data using a passphrase
> (which could then be subject to a brute force attack, etc.), but in the
> balance of security and practicality, would this be a reasonable compromise?
> (pun unavoidable!)
>
> Any thoughts on this?
>
> Thanks
> Greg