Re: [Duplicity-talk] decryption failure in duplicity replicate

From: Kenneth Loafman
Subject: Re: [Duplicity-talk] decryption failure in duplicity replicate
Date: Tue, 24 Aug 2021 10:55:03 -0500

On Tue, Aug 24, 2021 at 10:23 AM edgar.soldin--- via Duplicity-talk <duplicity-talk@nongnu.org> wrote:
> On 24.08.2021 17:06, Kenneth Loafman wrote:
>> Interesting analysis and discussion.
>> I don't recall when we removed the check for the same passphrase, but it was removed a few revisions ago because it increased bandwidth use.
>
> can you point me to where you removed such a test? remember we have/had it for resumes but for incrementals too?

Don't remember where the test was.  What I remember is that we changed the log level from Fatal to Error and just left it there to warn the user.  Maybe in dup_collections/get_remote_manifest.

>> I'm thinking we should add it back in again, but instead of testing it by decrypting a file, we should just hash the original and store it in the cache for later comparison.  We could use a strong hash like sha512 and strong permissions on the file.
>
> does feel quirky. we should never do anything with user secrets!
>
> how about an encrypted but small file, specific to the full which must be decryptable before doing incrementals? obviously it must never contain the same value to protect encryption. or reuse the full's manifest and keep it encrypted locally too, to check encryption against.

Still would have to have a cleartext available for comparison and that would weaken the encryption.

I like the hash approach as it's nonreversible. It's no weaker than the /etc/passwd file, so should be acceptable.
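
Added example, not part of the original message and not duplicity code: a sketch of the cached passphrase verifier discussed in this thread, written at full-backup time and checked before an incremental. It assumes a salted, iterated SHA-512 (PBKDF2) in place of a bare digest; the function names, file name, and iteration count are hypothetical.

```python
import hashlib, hmac, os, secrets, stat, tempfile

ITERATIONS = 200_000  # assumed work factor, not a duplicity setting


def _derive(passphrase: str, salt: bytes, iterations: int) -> bytes:
    # Salted, iterated SHA-512 so the stored value is not a bare digest.
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"), salt, iterations)


def write_verifier(path: str, passphrase: str) -> None:
    """Store a one-way verifier for the passphrase used by the full backup."""
    salt = secrets.token_bytes(16)
    digest = _derive(passphrase, salt, ITERATIONS)
    # Create owner-only; chmod also tightens a file that already existed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{ITERATIONS}${salt.hex()}${digest.hex()}\n")
    os.chmod(path, 0o600)


def passphrase_matches(path: str, passphrase: str) -> bool:
    """Return True if the passphrase matches the stored verifier."""
    # Refuse a verifier that group or other can access.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} is accessible by group/other")
    with open(path) as fh:
        iterations, salt_hex, digest_hex = fh.read().strip().split("$")
    candidate = _derive(passphrase, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as cache:  # stand-in for the local cache
        verifier = os.path.join(cache, "passphrase.verifier")  # hypothetical name
        write_verifier(verifier, "correct horse")  # at full-backup time
        for attempt in ("correct horse", "corect horse"):  # before an incremental
            ok = passphrase_matches(verifier, attempt)
            print(attempt, "->", "proceed" if ok else "refuse: differs from full")
```
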

