path: root/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499058571.M904825P8320Q1.koom
blob: b0b29ddc524cc7b3f3544add5d01a89eb2b15e4b (plain)
Return-Path: <obnam-dev-bounces@obnam.org>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221])
	by pieni.net (Postfix) with ESMTPS id B258E44F02
	for <distix@pieni.net>; Mon,  3 Jul 2017 05:05:53 +0000 (UTC)
Received: from platypus.pepperfish.net (unknown [10.112.101.20])
	by yaffle.pepperfish.net (Postfix) with ESMTP id 6DD4041C94;
	Mon,  3 Jul 2017 06:05:53 +0100 (BST)
Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net)
	by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
	id 1dRtYX-0005gP-Dd; Mon, 03 Jul 2017 06:05:53 +0100
Received: from [10.112.101.21] (helo=inmail2.pepperfish.net)
 by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian))
 id 1dRtYV-0005gB-RN
 for <obnam-dev@obnam.org>; Mon, 03 Jul 2017 06:05:51 +0100
Received: from koom.pieni.net ([88.99.190.206] helo=pieni.net)
 by inmail2.pepperfish.net with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89)
 (envelope-from <liw@liw.fi>) id 1dRtYT-0003yB-9M
 for obnam-dev@obnam.org; Mon, 03 Jul 2017 06:05:51 +0100
Received: from exolobe3.liw.fi (82-181-57-241.bb.dnainternet.fi
 [82.181.57.241]) by pieni.net (Postfix) with ESMTPSA id 9CB7F415C2;
 Mon,  3 Jul 2017 05:05:42 +0000 (UTC)
Received: from liw.fi (localhost [127.0.0.1])
 by exolobe3.liw.fi (Postfix) with ESMTPS id 872001200D0;
 Mon,  3 Jul 2017 08:05:41 +0300 (EEST)
Date: Mon, 3 Jul 2017 08:05:40 +0300
From: Lars Wirzenius <liw@liw.fi>
To: Wladimir Palant <gtiobnam@palant.de>
Message-ID: <20170703050540.p5co243yxedvsaca@liw.fi>
References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de>
MIME-Version: 1.0
In-Reply-To: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de>
User-Agent: NeoMutt/20170113 (1.7.2)
X-Pepperfish-Transaction: 17ce-3045-f19b-6deb
X-Spam-Score: -3.4
X-Spam-Score-int: -33
X-Spam-Bar: ---
X-Scanned-By: pepperfish.net, Mon, 03 Jul 2017 06:05:51 +0100
X-Spam-Report: Content analysis details: (-3.4 points)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.5 PPF_USER_AGENT         User-Agent: exists
 -1.0 PPF_USER_AGENT_MUTT    User-Agent: contains Mutt (Mutt isn't a spam
 tool)
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-ACL-Warn: message may be spam
X-Scan-Signature: ead9a2b6d4436a72c03b49bb9387508d
Cc: obnam-dev@obnam.org
Subject: Re: [rfc] Passphrase-based encryption
X-BeenThere: obnam-dev@obnam.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Obnam development discussions <obnam-dev-obnam.org>
List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
 <mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
List-Post: <mailto:obnam-dev@obnam.org>
List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
 <mailto:obnam-dev-request@obnam.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1394484192573658266=="
Mime-version: 1.0
Sender: obnam-dev-bounces@obnam.org
Errors-To: obnam-dev-bounces@obnam.org


--===============1394484192573658266==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="7qbtxbyxqzy7vbbt"
Content-Disposition: inline


--7qbtxbyxqzy7vbbt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 03, 2017 at 12:14:44AM +0200, Wladimir Palant wrote:
> Hi,
>
> with GPG being great and all that, I'd still prefer having the option to use
> a plain passphrase and AES encryption with obnam. IMHO, this approach has
> two advantages:
>
> * Considerably simpler setup, you merely need to come up with a high-entropy
> passphrase.
> * Much easier to back up - you don't need to worry about losing the
> passphrase due to a hard drive crash. If you are afraid of forgetting it,
> then writing it down and keeping somewhere safe will do.

If you want this, you should write a plugin that adds symmetric
encryption in addition to the PGP based one that Obnam currently
provides. You should probably do it by only encrypting the symmetric
encryption key that PGP encrypts. This would allow PGP and symmetric
to be used on the same repo by different clients.

I am afraid, however, that I am unlikely to accept the plugin into
Obnam proper, since I don't think it makes things better. It's true
that it will probably be easier to set up, but at the cost of more
difficult key management.

Backing up small files such as PGP keys is so easy I don't agree with
that part of your argument. It's a matter of a few kilobytes. You
could put the key into a QR code and print it on paper.

Also, environment variables can be read by other processes, just like
command line arguments can be. See /proc/*/environ. The environ files
are only readable by the owner, but it's still not a way to pass
secrets, in my opinion. Defense in depth, and all that.

> * The current encryption plugin will use /dev/random rather than
> /dev/urandom by default.

Since 1.20 (October 2010) the default is /dev/urandom.

-- 
I want to build worthwhile things that might last. --joeyh

--7qbtxbyxqzy7vbbt
Content-Type: application/pgp-signature; name="signature.asc"


--7qbtxbyxqzy7vbbt--


--===============1394484192573658266==--
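
The /proc/*/environ point raised in the reply above, as an added example that is not part of the original message or of Obnam's code: it starts a child process twice, once with a passphrase in its environment and once with the passphrase sent over a stdin pipe, and checks from a second process of the same user whether the value shows up in the child's environ file. The variable name `DEMO_PASSPHRASE`, the passphrase value and the child script are constructed for illustration; Linux with /proc is assumed.

```python
import os
import subprocess
import sys

SECRET = "constructed-passphrase-123"   # constructed sample value
ENV_NAME = "DEMO_PASSPHRASE"            # hypothetical variable name

# Child: optionally reads the secret from stdin, signals readiness,
# then stays alive until the parent closes the pipe.
CHILD = (
    "import sys\n"
    "secret = sys.stdin.readline().rstrip('\\n') if sys.argv[1] == 'stdin' else None\n"
    "print('ready', flush=True)\n"
    "sys.stdin.read()\n"
)


def environ_of(pid):
    """Initial environment of `pid`, as any process of the same user can read it."""
    with open(f"/proc/{pid}/environ", "rb") as fh:
        entries = fh.read().split(b"\0")
    return dict(e.split(b"=", 1) for e in entries if b"=" in e)


def secret_visible(mode):
    """Run the child with the secret passed by `mode` ('env' or 'stdin') and
    report whether the secret appears in /proc/<pid>/environ."""
    env = dict(os.environ)
    if mode == "env":
        env[ENV_NAME] = SECRET
    proc = subprocess.Popen([sys.executable, "-c", CHILD, mode], env=env,
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            text=True)
    try:
        if mode == "stdin":
            proc.stdin.write(SECRET + "\n")
            proc.stdin.flush()
        proc.stdout.readline()           # child is running and has its input
        seen = environ_of(proc.pid)
    finally:
        proc.stdin.close()               # EOF lets the child exit
        proc.stdout.close()
        proc.wait()
    return SECRET.encode() in seen.values()


if __name__ == "__main__":
    for mode in ("env", "stdin"):
        print(f"{mode}: secret visible in environ = {secret_visible(mode)}")
```

The environ file reflects the environment the process was started with, so the value stays readable there for the life of the process even if the program later unsets the variable.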