[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Setting the PASSPHRASE inside the duplicity program
Re: [Duplicity-talk] Setting the PASSPHRASE inside the duplicity program itself
Mon, 26 Mar 2007 16:17:28 -0500
Thunderbird 220.127.116.11 (X11/20070306)
Charles Knowlton wrote:
The reason I want the passphrase in the program itself so that if an
intruder were to get into my server
it wouldn't be easy for them do figure it out. If it is directly in the
cron(I plan on running duplicity with cron)
then the intruder could figure it out real easy compared to knowing that
the passphrase is in the program itself
Thanks for helping me out.
If an intruder has physical access, it's theirs. Period
If an intruder has root access, all bets are off. It'll only take a bit
of time to crack the system, unless you're entering the password by
hand on each use, then all they'll need is a keystroke logger.
If an intruder has regular user access, most bets are off in all but the
most hardened systems. Default Linux and Windows do not qualify as
hardened by a long shot.
Bottom line, if the intruder has access to your system, they have
varying speed of access to your secrets, but they will get to them
eventually. Protect the data once outside the system, but the data
inside the system is pretty much the property of whoever has access.
Encrypted file systems only provide limited protection when the power is
off, i.e. when a system is stolen before the intruder has gained access.
Once they have the system, time is on their side.