Re: Encrypted backups
On Tuesday 13 January 2004 17:17, Marcus Williams wrote:
> On 13/01/2004, Bill wrote:
> > - make sure your kernel supports encrypted loopback & your
> >   encryption of choice
> > - configure a crypto loop to your tape device
> >
> > losetup -e twofish /dev/loop0 /dev/nst0
>
> Well, you learn a new thing every day. Never thought you could do
> that! What happens with media errors on the tape when you read it
> back?

Depends on the cipher mode you use:

If using ECB (electronic codebook mode), every block of size
AES_BLOCK_SIZE (e.g. for AES) is encrypted independently of the
others - then media defects in one block should be a problem _only_
for the current block. Caveat: statistical analysis is easier,
though, if well-defined (known plaintext) values occur; refer to [1]
for details.

If using CBC (cipher block chaining mode), you will be more dependent
on media errors because this mode adds a feedback mechanism -
encryption results from previous blocks are taken into account when
calculating the current one (plaintext block is XORed with previous
ciphertext block). I guess that you will lose all blocks starting
from the block having the media defect ;-(

Instead of specifying /dev/nst0 as loopback target device, just
specify a local file myfile (created with dd if=/dev/zero
of=/tmp/myfile bs=1024 count=... skip=...), then you can
simulate tape errors manually by changing the file using a hex
editor - just try to recover afterwards ;-)

Regards,
Klaus

[1] Schneier Bruce: Applied Cryptography. 2nd edition. Chapter 9.
--
Dipl.-Ing. Klaus Holler <gmx.at after kho@>
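
The experiment suggested in the message above (damage one spot in the encrypted data, then try to recover), as an added Python example that is not part of the original post. A toy 4-round Feistel cipher built on SHA-256 stands in for twofish/AES, and the key, sample data and all function names are assumptions made for the illustration.

```python
import hashlib
BLOCK = 16  # bytes per cipher block, as for AES or twofish

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a toy Feistel cipher: a stand-in, NOT a real cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt(key, pt, mode, iv=bytes(BLOCK)):
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, _xor(b, prev) if mode == "cbc" else b)
        out.append(prev)
    return b"".join(out)

def decrypt(key, ct, mode, iv=bytes(BLOCK)):
    out, prev = [], iv
    for c in blocks(ct):
        p = dec_block(key, c)
        out.append(_xor(p, prev) if mode == "cbc" else p)  # CBC: P_i = D(C_i) XOR C_(i-1)
        prev = c
    return b"".join(out)

def damaged_blocks(mode, bad_block=3, n_blocks=8):
    # Flip one ciphertext bit (simulated media defect); list plaintext blocks that differ.
    key = b"constructed-key"
    pt = bytes(i % 256 for i in range(BLOCK * n_blocks))  # constructed sample data
    ct = bytearray(encrypt(key, pt, mode))
    ct[bad_block * BLOCK] ^= 0x01
    rec = decrypt(key, bytes(ct), mode)
    return [i for i, (a, b) in enumerate(zip(blocks(pt), blocks(rec))) if a != b]

print("ecb", damaged_blocks("ecb"), "cbc", damaged_blocks("cbc"))
```

With a defect in block 3, the ECB run reports only block 3 as damaged and the CBC run reports blocks 3 and 4, because CBC decryption of a block uses only that block and the previous ciphertext block.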