From: Wladimir Palant
To: Lars Wirzenius
Cc: obnam-dev@obnam.org
Subject: Re: [rfc] Passphrase-based encryption
Date: Mon, 3 Jul 2017 09:48:45 +0200

On 03.07.2017 07:05, Lars Wirzenius wrote:
> If you want this, you should write a plugin that adds symmetric
> encryption in addition to the PGP based one that Obnam currently
> provides. You should probably do it by only encrypting the symmetric
> encryption key that PGP encrypts. This would allow PGP and symmetric
> to be used on the same repo by different clients.

Not really worth it as long as I'm the only one using that plugin, I'd rather stay with my simple approach then.

> I am afraid, however, that I am unlikely to accept the plugin into
> Obnam proper, since I don't think it makes things better. It's true
> that it will probably be easier to set up, but at the cost of more
> difficult key management.

No problem, if it isn't a good match for the overall concept then so be it.

> Backing up small files such as PGP keys is so easy I don't agree with
> that part of your argument. It's a matter of a few kilobytes. You
> could put the key into a QR code and print it on paper.

My thought was rather encrypting it with a passphrase and storing it next to the actual backup. Doing this correctly turned out non-trivial, with both GPG's own passphrase encryption and OpenSSL's enc tool using suboptimal key derivation to say the least.

> Also, environment variables can be read by other processes, just like
> command line arguments can be. See /proc/*/environ. The environ files
> are only readable by the owner, but it's still not a way to pass
> secrets, in my opinion. Defense in depth, and all that.

There aren't too many ways to pass secrets and AFAIK none of them will protect against other processes running with the same privileges. For example, you could require the passphrase to be stored in a file readable only by the owner - but this protection will be equivalent to the way /proc/*/environ is protected (or GPG keys for that matter).

regards
Wladimir

_______________________________________________
obnam-dev mailing list
obnam-dev@obnam.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org
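
Added example, not part of the original message and not code from Obnam or OpenSSL: the derivation that OpenSSL's enc tool applied to a passphrase at the time of this thread (EVP_BytesToKey with a single digest pass over passphrase and salt), re-implemented in Python beside a memory-hard scrypt derivation, to show how little work each passphrase guess costs against the former. The passphrase, salt, sample blob and scrypt parameters are constructed for illustration.

```python
import hashlib
import os

MAGIC = b"Salted__"  # 8-byte marker openssl enc writes before the 8-byte salt


def parse_enc_header(blob):
    """Split a salted openssl enc file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(passphrase, salt, key_len=32, iv_len=16, digest="sha256"):
    """Legacy openssl enc derivation (EVP_BytesToKey with count=1).

    Each output block is ONE digest over previous_block + passphrase + salt:
    no iteration count and no memory cost. The default digest was md5 before
    OpenSSL 1.1.0 and sha256 from 1.1.0. Returns (key, iv, digest_calls).
    """
    out, block, calls = b"", b"", 0
    while len(out) < key_len + iv_len:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        out += block
        calls += 1
    return out[:key_len], out[key_len:key_len + iv_len], calls


def scrypt_key(passphrase, salt, key_len=32):
    """Memory-hard derivation; n, r, p are illustrative, about 16 MiB per guess."""
    return hashlib.scrypt(passphrase, salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=key_len)


def demo():
    # Constructed sample: magic + fixed salt + placeholder bytes, not real ciphertext.
    blob = MAGIC + bytes(range(8)) + b"\x00" * 32
    salt, _ = parse_enc_header(blob)
    key, iv, calls = evp_bytes_to_key(b"correct horse", salt)
    strong = scrypt_key(b"correct horse", os.urandom(16))
    return key.hex(), iv.hex(), calls, strong.hex()


if __name__ == "__main__":
    weak_key, weak_iv, calls, strong_key = demo()
    print("openssl enc legacy: %d digest calls per guess" % calls)
    print("  key", weak_key, "iv", weak_iv)
    print("scrypt key        ", strong_key)
```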