diff options
| -rw-r--r-- | tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499058571.M904825P8320Q1.koom | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499058571.M904825P8320Q1.koom b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499058571.M904825P8320Q1.koom new file mode 100644 index 0000000..b0b29dd --- /dev/null +++ b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499058571.M904825P8320Q1.koom @@ -0,0 +1,159 @@ +Return-Path: <obnam-dev-bounces@obnam.org> +X-Original-To: distix@pieni.net +Delivered-To: distix@pieni.net +Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221]) + by pieni.net (Postfix) with ESMTPS id B258E44F02 + for <distix@pieni.net>; Mon, 3 Jul 2017 05:05:53 +0000 (UTC) +Received: from platypus.pepperfish.net (unknown [10.112.101.20]) + by yaffle.pepperfish.net (Postfix) with ESMTP id 6DD4041C94; + Mon, 3 Jul 2017 06:05:53 +0100 (BST) +Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net) + by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) + id 1dRtYX-0005gP-Dd; Mon, 03 Jul 2017 06:05:53 +0100 +Received: from [10.112.101.21] (helo=inmail2.pepperfish.net) + by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian)) + id 1dRtYV-0005gB-RN + for <obnam-dev@obnam.org>; Mon, 03 Jul 2017 06:05:51 +0100 +Received: from koom.pieni.net ([88.99.190.206] helo=pieni.net) + by inmail2.pepperfish.net with esmtps + (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) + (envelope-from <liw@liw.fi>) id 1dRtYT-0003yB-9M + for obnam-dev@obnam.org; Mon, 03 Jul 2017 06:05:51 +0100 +Received: from exolobe3.liw.fi (82-181-57-241.bb.dnainternet.fi + [82.181.57.241]) by pieni.net (Postfix) with ESMTPSA id 9CB7F415C2; + Mon, 3 Jul 2017 05:05:42 +0000 (UTC) +Received: from liw.fi (localhost [127.0.0.1]) + by exolobe3.liw.fi (Postfix) with ESMTPS id 872001200D0; + Mon, 3 Jul 2017 08:05:41 +0300 (EEST) +Date: Mon, 3 Jul 2017 08:05:40 +0300 +From: Lars Wirzenius <liw@liw.fi> +To: Wladimir Palant <gtiobnam@palant.de> +Message-ID: <20170703050540.p5co243yxedvsaca@liw.fi> +References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de> +MIME-Version: 1.0 +In-Reply-To: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de> +User-Agent: NeoMutt/20170113 (1.7.2) +X-Pepperfish-Transaction: 17ce-3045-f19b-6deb +X-Spam-Score: -3.4 +X-Spam-Score-int: -33 +X-Spam-Bar: --- +X-Scanned-By: pepperfish.net, Mon, 03 Jul 2017 06:05:51 +0100 +X-Spam-Report: Content analysis details: (-3.4 points) + pts rule name description + ---- ---------------------- -------------------------------------------------- + -0.5 PPF_USER_AGENT User-Agent: exists + -1.0 PPF_USER_AGENT_MUTT User-Agent: contains Mutt (Mutt isn't a spam + tool) + -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% + [score: 0.0000] +X-ACL-Warn: message may be spam +X-Scan-Signature: ead9a2b6d4436a72c03b49bb9387508d +Cc: obnam-dev@obnam.org +Subject: Re: [rfc] Passphrase-based encryption +X-BeenThere: obnam-dev@obnam.org +X-Mailman-Version: 2.1.5 +Precedence: list +List-Id: Obnam development discussions <obnam-dev-obnam.org> +List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>, + <mailto:obnam-dev-request@obnam.org?subject=unsubscribe> +List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org> +List-Post: <mailto:obnam-dev@obnam.org> +List-Help: <mailto:obnam-dev-request@obnam.org?subject=help> +List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>, + <mailto:obnam-dev-request@obnam.org?subject=subscribe> +Content-Type: multipart/mixed; boundary="===============1394484192573658266==" +Mime-version: 1.0 +Sender: obnam-dev-bounces@obnam.org +Errors-To: obnam-dev-bounces@obnam.org + + +--===============1394484192573658266== +Content-Type: multipart/signed; micalg=pgp-sha512; + protocol="application/pgp-signature"; boundary="7qbtxbyxqzy7vbbt" +Content-Disposition: inline + + +--7qbtxbyxqzy7vbbt +Content-Type: text/plain; charset=us-ascii +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +On Mon, Jul 03, 2017 at 12:14:44AM +0200, Wladimir Palant wrote: +> Hi, +>=20 +> with GPG being great and all that, I'd still prefer having the option to = +use +> a plain passphrase and AES encryption with obnam. IMHO, this approach has +> two advantages: +>=20 +> * Considerably simpler setup, you merely need to come up with a high-entr= +opy +> passphrase. +> * Much easier to back up - you don't need to worry about losing the +> passphrase due to a hard drive crash. If you are afraid of forgetting it, +> then writing it down and keeping somewhere safe will do. + +If you want this, you should write a plugin that adds symmetric +encryption in addition to the PGP based on that Obnam currently +provides. You should probably do it by only encrypting the symmetric +encryption key that PGP encrypts. This would allow PGP and symmetric +to be used on the same repo by different clients. + +I am afraid, however, that I am unlikely to accept the plugin into +Obnam proper, since I don't think it makes things better. It's true +that it will probably be easier to set up, but at the cost of more +difficult key management. + +Backing up small files such as PGP keys is so easy I don't agree with +that part of your argument. It's a matter of a few kilobytes. You +could put the key into a QR code and print it on paper. + +Also, environment variables can be read by other processes, just like +command line arguments can be. See /proc/*/environ. The environ files +are only readable by the owner, but it's still not a way to pass +secrets, in my opinion. Defense in depth, and all that. + +> * The current encryption plugin will use /dev/random rather than +> /dev/urandom by default. + +Since 1.20 (October 2010) the default is /dev/urandom. + +--=20 +I want to build worthwhile things that might last. --joeyh + +--7qbtxbyxqzy7vbbt +Content-Type: application/pgp-signature; name="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEETNTnrewG6wEE1EJ3bC+mFux6IDEFAllZ0KMACgkQbC+mFux6 +IDFF9hAArBHn3l/cnizZqcmvzAzZUoqGcORXRhgJP2nzFIqF+cVRduWDwaYpOheF +UqBDUF2emxdBKmDwTg/ydptWFgC5o5rO4xo1DVTMT23HZZHEYdKCtUhH+QTUUJyO +EUKuOpP9CAUXGOBmhnP1FeLC6Q0BaUprQVZaPWX5ULFy5n7cav/piRChQJ0bheq7 +6E32te9lIJsQNtnrjwlevdNt7u14WpzCPRi/Mwl7LoNuYdtZY+ubGIhNSlfJQp3N +ERUU4oAFM9iaRlXIf24vbziGFEa01pCOSqpxO0nvKk/OjIvn8Nc++5wcgDqE5ouP +A1RnMlE/mdPR/Gh8FtVrHOxk5Icx5aA3ApwzY9Br6XXf39XhsYD5lSxeGOWAOQhP +VvtD/flXBeL9pRimMHMDaxLHmkv2JfpB9EhmSmO1G5N/Yz/e1O9Qej+sv8M85y7Y +dONaiQsS2fEAMky9kn+01UR2xXSrhxeXBbT6mavbd1F7CR/GXiU/pe4CsURj7z8K +vNS9UwdsGLICgpi59TTd7J/UxieBkn8XYq904X1Zt7Zl7QE7gdk/dDTg9AzikRTy +tmcBVQ7xDeP7EeOlRJ7aFZcj3LbwoY4kfsvV7oJocd5xdiCF/HruUKxfoHtmigQv +OUHw/Xlvi075ekz2o2Woc52+Pvv0Z8NPAWpgNaj2guf+q1wZ2SE= +=nx+l +-----END PGP SIGNATURE----- + +--7qbtxbyxqzy7vbbt-- + + +--===============1394484192573658266== +Content-Type: text/plain; charset="us-ascii" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +_______________________________________________ +obnam-dev mailing list +obnam-dev@obnam.org +http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org + +--===============1394484192573658266==-- + |