[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] decryption failure in duplicity replicate

From: edgar . soldin
Subject: Re: [Duplicity-talk] decryption failure in duplicity replicate
Date: Tue, 24 Aug 2021 17:21:08 +0200
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1

On 24.08.2021 17:06, Kenneth Loafman wrote:
> Interesting analysis and discussion.
> I don't recall when we removed the check for the same passphrase, but it was 
> removed a few revisions ago because it increased bandwidth use.

can you point me to where you removed such a test? remember we have/had it for 
resumes but for incrementals too?

>I'm thinking we should add it back in again, but instead of testing it by 
>decrypting a file, we should just hash the original and store it in the cache 
>for later comparison.  We could use a strong hash like sha512 and strong 
>permissions on the file.

does feel quirky. we should never do anything with user secrets!

how about an encrypted but small file, specific to the full which must be 
decryptable before doing incrementals? obviously it must never contain the same 
value to protect encryption. or reuse the full's manifest and keep it encrypted 
locally too, to check encryption against.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]