|
From: | edgar . soldin |
Subject: | Re: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before restore? |
Date: | Thu, 14 Jul 2011 10:38:55 +0200 |
User-agent: | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0 |
On 13.07.2011 17:53, Chris Poole wrote: > Neither Duplicity nor Alice would realise that the file had been > altered when she restored it. (Thus, it's very important to sign > backups being stored in untrusted locations.) > > > Or am I missing something? It is provided the public key used is published somewhere or in other ways available to a possible attacker. If you create a keypair just for your backup and keep it on the backup machine and in your secure storage (for restoring) you don't necessarily need it. On the other hand. Currently duplicity needs a private key to work reliably, so signing to it does no harm and can be seen as an extra lock for an intruder to pick. see http://bugs.launchpad.net/duplicity/+bug/687295 ede/duply.net
[Prev in Thread] | Current Thread | [Next in Thread] |