[Duplicity-talk] PASSPHRASE, the environment, memory, etc.

[Neal Clark]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

This is my first post to this list. I am using, or trying to use, or  
considering using Duplicity to back up some sensitive data at work. I  
have one question in particular.

I don't want anyone but my team to have access to our backup data. I  
am in a somewhat funny position, in that the remote file storage  
provider we've gone with is owned by the same person who owns the  
company where we colocate the machine that is being backed up. So, it  
seems that I cannot keep my secret key's passphrase anywhere on the  
system that is being backed up. Make sense?

What i've come up with so far is, another machine completely  
unaffiliated with either service provider remote shells into the  
backup target say, 1 minute before the backup starts, writes the  
secret key to /tmp/some_file, and then duplictiy is called as

'PASSPHRASE=`cat /tmp/some_file` duplicity [options] [etc]'

And then delete /tmp/some_file a minute after the backup is scheduled  
to start.

So given this way of going about things, my passphrase will reside in  
duplicity's environment. Can anyone with more knowledge/experience  
than I have tell me, how difficult is it for an attacker to fish my  
password out of memory? I'm guessing it resides there the whole time,  
since duplicity is apparently calling gpg everytime it cooks up  
another 5mb tar file, right?

Basically, I'm just asking your guys' opinion on how I could harden  
this setup.

Thanks,
Neal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGHr4xOUuHw4wCzDMRAmHPAJ9yNytslunGQDrIFeYU92nbG9EIBACgpJq6
eeeev6CCifxNaooQtYjD+Ao=
=jDPW
-----END PGP SIGNATURE-----