duplicity-talk

Re: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.


From: Mark Rose
Subject: Re: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.
Date: Thu, 12 Apr 2007 18:23:18 -0600
User-agent: KMail/1.9.6

On Thursday 12 April 2007 5:18:08 pm Neal Clark wrote:
> Hi all,
>
> This is my first post to this list. I am using, or trying to use, or
> considering using Duplicity to back up some sensitive data at work. I
> have one question in particular.
>
> I don't want anyone but my team to have access to our backup data. I
> am in a somewhat funny position, in that the remote file storage
> provider we've gone with is owned by the same person who owns the
> company where we colocate the machine that is being backed up. So, it
> seems that I cannot keep my secret key's passphrase anywhere on the
> system that is being backed up. Make sense?
>
> What I've come up with so far is, another machine completely
> unaffiliated with either service provider remote shells into the
> backup target say, 1 minute before the backup starts, writes the
> secret key to /tmp/some_file, and then duplicity is called as
>
> 'PASSPHRASE=`cat /tmp/some_file` duplicity [options] [etc]'
>
> And then delete /tmp/some_file a minute after the backup is scheduled
> to start.
>
> So given this way of going about things, my passphrase will reside in
> duplicity's environment. Can anyone with more knowledge/experience
> than I have tell me, how difficult is it for an attacker to fish my
> password out of memory? I'm guessing it resides there the whole time,
> since duplicity is apparently calling gpg every time it cooks up
> another 5mb tar file, right?
>
> Basically, I'm just asking your guys' opinion on how I could harden
> this setup.

You should look into ssh-agent. That would allow you to keep the private keys 
on your local workstation. When you log into a remote machine, you have 
access to the same private keys as you do on your local workstation, so you 
can then log into the backup machine, without storing the private key on the 
primary server. Operations requiring the private key are sent back to your 
workstation and the results returned. I'm not sure if duplicity supports this 
out of the box, but it's certainly more secure than trying to hide the 
passphrase in a readable location!

Also, as a further note to the conversation, it's not a good idea to store the 
private key with the data, as doing so allows an attacker to corrupt your 
backup data, too. Storing it separately (say, on your local machine) prevents 
that.

Mark
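
Added example, not part of either message above: a shell wrapper for the backup target that takes the passphrase on stdin (for instance over the remote shell session described in the question) instead of from /tmp/some_file, and sets PASSPHRASE only in the environment of the one command it runs. The function name `with_passphrase` and the demo value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not code from the thread or from duplicity).
# with_passphrase CMD [ARGS...]   (hypothetical helper name)
#   Reads ONE line from stdin as the passphrase and runs CMD with PASSPHRASE
#   exported only to that command. Nothing is written to disk.
#
# Caveat: while CMD runs, PASSPHRASE is still part of its environment, which
# root and the same user can read. This removes the temp-file window only.
with_passphrase() (
    # The body is a subshell "( ... )", so nothing set here reaches the caller.
    [ "$#" -gt 0 ] || { echo "usage: with_passphrase CMD [ARGS...]" >&2; exit 2; }

    # IFS= and -r keep blanks and backslashes exactly as sent.
    # The second test accepts a final line that lacks a trailing newline.
    IFS= read -r PASSPHRASE || [ -n "$PASSPHRASE" ] || {
        echo "with_passphrase: no passphrase on stdin" >&2
        exit 1
    }

    # export is a shell builtin, so the value never appears in any argv.
    export PASSPHRASE

    # Replace the subshell with CMD; give it /dev/null as stdin so it cannot
    # consume anything else the sender left on the pipe.
    exec "$@" </dev/null
)

# Demo with a constructed passphrase; the child reports only its length.
with_passphrase sh -c 'echo "child sees ${#PASSPHRASE} characters"' <<'EOF'
constructed-demo-passphrase
EOF
```

On the backup target the command would be the duplicity invocation from the question, with the passphrase line arriving on the remote shell's stdin from the unaffiliated machine.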