encrypted tapes

Perry E. Metzger perry at piermont.com
Wed Jun 8 21:31:24 EDT 2005


Dan Kaminsky <dan at doxpara.com> writes:
>>2) The cost in question is so small as to be unmeasurable.
>
> Yes, because key management is easy or free.

In this case it is. As I've said, even having all your tapes for six
months at a time use the same key is better than putting the tapes in
the clear.

If you have no other choice, pick keys for the next five years,
changing every six months, print them on a piece of paper, and put it
in several safe deposit boxes. Hardcode the keys in the backup
scripts. When your building burns to the ground, you can get the tapes
back from Iron Mountain and the keys from the safe deposit box.

No, it isn't ideal, or even very good, but it is a whole lot better
than what most people do now. You aren't safe from a real attacker,
but you're safe from someone that gets their hands on a box of tapes,
and that's way better than nothing.

Good requires a lot more work, but stupid and better than nothing
takes very little. There is little excuse for not doing *something*.

> Also, reliability of encrypted backups is problematic:  CBC modes render
> a single fault destructive to the entire dataset.

Er, no. An error in CBC wipes out only the following block. Errors do
not propagate past that in CBC. This is not especially worse than the
situation right now.

However, all of that is immaterial if you're using a tape drive that
compresses, because then you really are screwed if you lose a block,
encryption or not. Most backups are currently done compressed (which I
have to say I think is a bit of a mistake, even if it does save
money...)


Perry

---------------------------------------------------------------------
The Cryptography Mailing List