Where are all the secrets kept? Re: Partially encrypted backup?

To: debian-user@lists.debian.org
Subject: Where are all the secrets kept? Re: Partially encrypted backup?
From: Hendrik Boom <hendrik@topoi.pooq.com>
Date: Tue, 7 May 2013 21:24:53 -0400
Message-id: <[🔎] 20130508012453.GA5540@topoi.pooq.com>
In-reply-to: <[🔎] 1367951649.4622.15.camel@tagesuhu-pc>
References: <[🔎] km8kvs$6s8$2@ger.gmane.org> <[🔎] 20130506150400.635996bb934f65559cb16948@gmail.com> <[🔎] kmb1u3$juc$1@ger.gmane.org> <[🔎] 1367951649.4622.15.camel@tagesuhu-pc>

On Tue, May 07, 2013 at 03:34:09PM -0300, André Nunes Batista wrote:
> I do not know your level of expertise and if your somewhat abstract
> description of the trust issue is a demonstration of high-level
> understanding of Unix file system tree + encryption + networks or just
> playful thought.

I spent a while looking around with find -perm and concluded that there are 
lots of world-unreadable files that need no very special treatment -- in 
cact, just leaving the out of the backup would do fine -- things like 
browser caches.  using find -perm to make a list of files to be 
encrypted and feeding it into rsync-backup doesn't look great.  I wonder 
just how many exceptions rdiff-backup will tolerate.  Hundreds of 
thousands?

> 
> That in mind, if you are not running a cluster of servers, it would be
> doable using duplicity and the list of "public" directories or rather
> "private" ones. That, assuming you at least have a vague idea of which
> files you wish to remain unencrypted/encrypted an is not looking for a
> file permissions aware general solution. For this, you could use
> duplicity --include "$SHELL_PATTERN" or --exclude "$SHELL_PATTERN".

It looks as if I'm going to have to identify the private things  
explicitly, by hand.  And I'll probably miss one and have a potential 
security leak.  Let's see.  Private keys are kept by ssh, by monotone, 
... maybe a few more.  monotone keeps them encrypted with a passphrase, 
so that's already OK.  Except in the monotone server, where it's kept in 
a read-protected script.  Not so sure of ssh.  Where does it keep the 
stuff?   And the the browsers have password stores.  How do they keep 
the passwords out of sight?  Or do they?  Chromium aske me for a 
password to access the password store.  But I don't remember firefox 
doing the same.

> BTW, duplicity uses rdiff as a backend so if you wish to keep previous
> rdiff backups,

rdiff-backup keeps old and new backups using some kind of backwward 
differencing.  It's not just a matter of using rdiff or rsync to copy 
things over.

> I am guessing you could make duplicity aware of them, but
> this is just a wild guess. 
> 
> -- 
> -- André Nunes Batista
> 
> 

Delivered-To: andrenbatista@gmail.com
Received: by 10.58.74.134 with SMTP id t6csp93524vev; Tue, 7 May 2013
 07:10:06 -0700 (PDT)
X-Received: by 10.14.100.1 with SMTP id y1mr5917811eef.9.1367935805939;
 Tue, 07 May 2013 07:10:05 -0700 (PDT)
Return-Path: <bounce-debian-user=andrenbatista=gmail.com@lists.debian.org>
Received: from bendel.debian.org (bendel.debian.org.
 [2001:41b8:202:deb:216:36ff:fe40:4002]) by mx.google.com with ESMTPS id
 43si34769337eel.253.2013.05.07.07.10.05 for <andrenbatista@gmail.com>
 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 07 May 2013 07:10:05
 -0700 (PDT)
Received-SPF: pass (google.com: manual fallback record for domain of
 bounce-debian-user=andrenbatista=gmail.com@lists.debian.org designates
 2001:41b8:202:deb:216:36ff:fe40:4002 as permitted sender)
 client-ip=2001:41b8:202:deb:216:36ff:fe40:4002;
Authentication-Results: mx.google.com; spf=pass (google.com: manual
 fallback record for domain of
 bounce-debian-user=andrenbatista=gmail.com@lists.debian.org designates
 2001:41b8:202:deb:216:36ff:fe40:4002 as permitted sender)
 smtp.mail=bounce-debian-user=andrenbatista=gmail.com@lists.debian.org
Received: from localhost (localhost [127.0.0.1]) by bendel.debian.org
 (Postfix) with QMQP id 77A0C9B5; Tue,  7 May 2013 14:10:03 +0000 (UTC)
Old-Return-Path: <gldu-debian-user-2@m.gmane.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on bendel.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-11.0 required=4.0
 tests=LDOSUBSCRIBER,LDO_WHITELIST, T_RP_MATCHES_RCVD autolearn=unavailable
 version=3.3.2
X-Original-To: lists-debian-user@bendel.debian.org
Delivered-To: lists-debian-user@bendel.debian.org
Received: from localhost (localhost [127.0.0.1]) by bendel.debian.org
 (Postfix) with ESMTP id 0A62C9A8 for <lists-debian-user@bendel.debian.org>;
 Tue,  7 May 2013 14:09:52 +0000 (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-7.01 tagged_above=-10000 required=5.3
 tests=[BAYES_00=-2, LDO_WHITELIST=-5, RCVD_IN_DNSWL_NONE=-0.0001,
 T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from bendel.debian.org ([127.0.0.1]) by localhost
 (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525) with ESMTP id
 DmgWS4MS1aUH for <lists-debian-user@bendel.debian.org>; Tue,  7 May 2013
 14:09:42 +0000 (UTC)
X-policyd-weight: using cached result; rate:hard: -6.1
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1
 with cipher AES256-SHA (256/256 bits)) (Client did not present a
 certificate) by bendel.debian.org (Postfix) with ESMTPS id 9F06C6B3 for
 <debian-user@lists.debian.org>; Tue,  7 May 2013 14:09:42 +0000 (UTC)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <gldu-debian-user-2@m.gmane.org>) id 1UZiaE-0001a2-Ab for
 debian-user@lists.debian.org; Tue, 07 May 2013 16:09:34 +0200
Received: from topoi.pooq.com ([69.165.131.134]) by main.gmane.org with
 esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for
 <debian-user@lists.debian.org>; Tue, 07 May 2013 16:09:34 +0200
Received: from hendrik by topoi.pooq.com with local (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00 for <debian-user@lists.debian.org>; Tue, 07 May 2013
 16:09:34 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: debian-user@lists.debian.org
From: Hendrik Boom <hendrik@topoi.pooq.com>
Subject: Re: Partially encrypted backup?
Date: Tue, 7 May 2013 14:09:08 +0000 (UTC)
Lines: 37
Message-ID: <[🔎] kmb1u3$juc$1@ger.gmane.org>
References: <[🔎] km8kvs$6s8$2@ger.gmane.org>
	 <[🔎] 20130506150400.635996bb934f65559cb16948@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: topoi.pooq.com
User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508
 git://git.gnome.org/pan2)
X-Rc-Virus: 2007-09-13_01
X-Rc-Spam: 2008-11-04_01
Resent-Message-ID: <Cyc1kQ2B_BM.A.1vD.7sQiRB@bendel>
Resent-From: debian-user@lists.debian.org
X-Mailing-List: <debian-user@lists.debian.org> archive/latest/650549
X-Loop: debian-user@lists.debian.org
List-Id: <debian-user.lists.debian.org>
List-Post: <mailto:debian-user@lists.debian.org>
List-Help: <mailto:debian-user-request@lists.debian.org?subject=help>
List-Subscribe:
 <mailto:debian-user-request@lists.debian.org?subject=subscribe>
List-Unsubscribe:
 <mailto:debian-user-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-user-request@lists.debian.org
Resent-Date: Tue,  7 May 2013 14:10:03 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable
> 
> On Mon, 06 May 2013 15:03:59 -0400, Celejar wrote:
> 
> > On Mon, 6 May 2013 16:15:56 +0000 (UTC)
> > Hendrik Boom <hendrik@topoi.pooq.com> wrote:
> > 
> >> I'm currently using rdiff-backup onto removable USB drives for backup. 
> >> I don not encrypt them now because I'm terrified of losing the
> >> encryption key and hence losing access to my backups.
> >> 
> >> I'm planning to trade backup drives with an acquaintance for off-site
> >> backups.  I trust her, but I don't trust not every random person who
> >> lives in her house or visits.
> >> 
> >> Is there any way of doing the backup partially encrypted so that files
> >> are encrypted only if not world-readable?
> > 
> > Perhaps use the 'find' command with the '-perm' argument to generate
> > lists of files that are and are not world readable, and pipe the outputs
> > to the backup program with the appropriate invocations? I'm not a find
> > guru, so I won't try to give the syntax, and I can't judge the level of
> > performance hit that doing it this way will engender.
> > 
> 
> hendrik@april:~$ find . ! -perm /044 | wc
>   35299   39286 1503506
> hendrik@april:~$ 
> 
> There seem to be rather a lot of them.
> 
> A lot seem to be cached stuff from browsers and other programs, which 
> don't need to be backed up at all, let alone encrypted.  But there are 
> files containing ssh IDs and the like, private keys for digital 
> signatures, and those really do need to be backed up, but not in 
> plaintext.  Where do the browsers keep this information?  What other 
> programs keep this kind of information?
> 
> -- hendrik
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] kmb1u3$juc$1@ger.gmane.org">http://lists.debian.org/[🔎] kmb1u3$juc$1@ger.gmane.org
>

Reply to:

Follow-Ups:
- Re: Where are all the secrets kept? Re: Partially encrypted backup?
  - From: Celejar <celejar@gmail.com>
- Re: Where are all the secrets kept? Re: Partially encrypted backup?
  - From: André Nunes Batista <andrenbatista@gmail.com>

References:
- Partially encrypted backup?
  - From: Hendrik Boom <hendrik@topoi.pooq.com>
- Re: Partially encrypted backup?
  - From: Celejar <celejar@gmail.com>
- Re: Partially encrypted backup?
  - From: Hendrik Boom <hendrik@topoi.pooq.com>
- Re: Partially encrypted backup?
  - From: André Nunes Batista <andrenbatista@gmail.com>

Prev by Date: Re: wu-ftp substitute
Next by Date: Install from iso (no disc burn)
Previous by thread: Re: Partially encrypted backup?
Next by thread: Re: Where are all the secrets kept? Re: Partially encrypted backup?
Index(es):
- Date
- Thread