[Discuss] Programming / Crypto question

[Jim Campbell]

Hi Derek,

On Sun, Mar 22, 2015, at 08:32 PM, Derek Pressnall wrote:
> Hey, it was great meeting everyone on Saturday.  To follow up on one
> of our side conversations, I mentioned that I was going to be adding
> crypto support to my open source backup utility (Snebu).  So just a
> couple follow up questions / request for opinions:
> 
> 1) Crypto cipher selection -- using the OpenSSL library, I'd have to
> code up support for specific ciphers.  Which ciphers are worth
> including support for, at least initially?  Was thinking of going off
> the FIPS 140-2 standard, but that limits you to 3DES and AES.  Which
> others should I add in, and in which priority order?
> 
> 2) Recording cipher selection and passphrase/keyfile "fingerprint" in
> metadata on backup server -- Would this leak any information?  i.e.,
> I'd like to identify that all files of a given backup set are
> encrypted with the same key (so during an incremental/snapshot backup,
> the backup server will force a "full" backup if the encryption key
> changes).  To do this, I'd have to include some identifier for the key
> -- this could either be a user-supplied string, or it can be computed
> by taking a one-way hash of the key (on the client) and sending that
> hash to the server.  Any obvious data leakage holes with that?
> 
> Also, for those that didn't get a chance to write it down at the
> meeting, the project page for my Snebu backup is at
> https://github.com/derekp7/snebu and the web site is
> http://www.snebu.com.  Any comments / criticisms / testing feedback
> are welcome.
> 
> Thanks,
> 
> --Derek

It was good to meet you yesterday, as well, and thanks for sharing info
about your project. I'm not sure who on our list would be qualified to
help with this, but I've tried to spread the word.

Hopefully someone will be able to help you here!

Cheers,

Jim