[Duplicity-talk] PASSPHRASE, the environment, memory, etc.
From: Neal Clark
Subject: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.
Date: Thu, 12 Apr 2007 16:18:08 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,

This is my first post to this list. I am using, or trying to use, or
considering using Duplicity to back up some sensitive data at work. I
have one question in particular.

I don't want anyone but my team to have access to our backup data. I
am in a somewhat funny position, in that the remote file storage
provider we've gone with is owned by the same person who owns the
company where we colocate the machine that is being backed up. So, it
seems that I cannot keep my secret key's passphrase anywhere on the
system that is being backed up. Make sense?

What I've come up with so far is, another machine completely
unaffiliated with either service provider remote shells into the
backup target say, 1 minute before the backup starts, writes the
secret key to /tmp/some_file, and then duplicity is called as

'PASSPHRASE=`cat /tmp/some_file` duplicity [options] [etc]'

And then delete /tmp/some_file a minute after the backup is scheduled
to start.

So given this way of going about things, my passphrase will reside in
duplicity's environment. Can anyone with more knowledge/experience
than I have tell me, how difficult is it for an attacker to fish my
password out of memory? I'm guessing it resides there the whole time,
since duplicity is apparently calling gpg every time it cooks up
another 5mb tar file, right?

Basically, I'm just asking your guys' opinion on how I could harden
this setup.

Thanks,
Neal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFGHr4xOUuHw4wCzDMRAmHPAJ9yNytslunGQDrIFeYU92nbG9EIBACgpJq6
eeeev6CCifxNaooQtYjD+Ao=
=jDPW
-----END PGP SIGNATURE-----
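
Added example, not part of the original post: a Linux audit for the exposure the question asks about. A variable passed as `PASSPHRASE=... duplicity` stays in `/proc/<pid>/environ` for the life of the process, where the same user and root can read it; the function below lists the PIDs that carry it without printing any value. Assumptions: `/proc` is mounted, `sleep` stands in for duplicity, and the sample value and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Linux-only: relies on /proc.

# Print the PIDs of processes whose initial environment defines NAME.
# Only environ files readable by the caller are checked: the caller's own
# processes, or every process when run as root. Values are never printed.
pids_with_env_var() {
    local name=$1 f pid
    for f in /proc/[0-9]*/environ; do
        [ -r "$f" ] || continue
        pid=${f#/proc/}; pid=${pid%/environ}
        # environ is NUL-separated; split into lines and look for NAME=
        if tr '\0' '\n' 2>/dev/null < "$f" | grep -q "^${name}="; then
            echo "$pid"
        fi
    done
}

# Launch a stand-in child the way the post launches duplicity, then check
# whether the audit finds it. Returns 0 if the variable is visible.
demo_env_exposure() {
    local child i=0
    PASSPHRASE='constructed-sample-value' sleep 30 &
    child=$!
    # The variable appears once the child has exec'd, so retry briefly.
    while [ "$i" -lt 20 ]; do
        if pids_with_env_var PASSPHRASE | grep -qx "$child"; then
            kill "$child" 2>/dev/null || true
            wait "$child" 2>/dev/null || true
            return 0
        fi
        i=$((i + 1)); sleep 0.1
    done
    kill "$child" 2>/dev/null || true
    wait "$child" 2>/dev/null || true
    return 1
}

demo_env_exposure && echo "PASSPHRASE is visible in the child's environ"
```

Run as root on the backup host during a backup window, `pids_with_env_var PASSPHRASE` shows every process that inherited the variable, including any gpg children.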