[Discuss] Programming / Crypto question

[Derek Pressnall]

Hey, it was great meeting everyone on Saturday.  To follow up on one
of our side conversations, I mentioned that I was going to be adding
crypto support to my open source backup utility (Snebu).  So just a
couple follow up questions / request for opinions:

1) Crypto cipher selection -- using the OpenSSL library, I'd have to
code up support for specific ciphers.  Which ciphers are worth
including support for, at least initially?  Was thinking of going off
the FIPS 140-2 standard, but that limits you to 3DES and AES.  Which
others should I add in, and in which priority order?

2) Recording cipher selection and passphrase/keyfile "fingerprint" in
metadata on backup server -- Would this leak any information?  i.e.,
I'd like to identify that all files of a given backup set are
encrypted with the same key (so during an incremental/snapshot backup,
the backup server will force a "full" backup if the encryption key
changes).  To do this, I'd have to include some identifier for the key
-- this could either be a user-supplied string, or it can be computed
by taking a one-way hash of the key (on the client) and sending that
hash to the server.  Any obvious data leakage holes with that?

Also, for those that didn't get a chance to write it down at the
meeting, the project page for my Snebu backup is at
https://github.com/derekp7/snebu and the web site is
http://www.snebu.com.  Any comments / criticisms / testing feedback
are welcome.

Thanks,

--Derek