[Discuss] Programming / Crypto question

eviljoel eviljoel at linux.com
Tue Mar 24 01:44:23 UTC 2015


Hello Derek,

Concerning 1, don't use 3DES. The original DES was arguably designed to
be crackable by the NSA. Although still considered secure, 3DES might
also suffer from the same flaws. However, 3DES is old and outdated. I
don't think newer software supports it.

AES is the predominant industry standard symmetric encryption algorithm.
It won the AES competition because it has a good speed/security trade-off.
There are more secure algorithms that are slower. I forget the name
but look up Twofish or Blowfish. One of those two is generally
considered more secure than AES.

Concerning 2, that sounds dangerous. Hash algorithms are designed to be
fast which would allow someone who obtains the hash to guess the
passphrase relatively quickly. Putting the passphrase through the hash
algorithm for 1000 milliseconds would be a better idea but now you are
starting to get into rolling your own crypto. You should really use
another identifier to kick off your full backup.

You might want to join the Chicago Cryptoparty list. There is at least
one person on there who knows more about crypto than me:
http://groups.sshchicago.org/mailman/listinfo/cryptoparty-chi

- eviljoel

On 03/22/2015 08:32 PM, Derek Pressnall wrote:
> Hey, it was great meeting everyone on Saturday.  To follow up on one
> of our side conversations, I mentioned that I was going to be adding
> crypto support to my open source backup utility (Snebu).  So just a
> couple of follow-up questions / request for opinions:
> 
> 1) Crypto cipher selection -- using the OpenSSL library, I'd have to
> code up support for specific ciphers.  Which ciphers are worth
> including support for, at least initially?  Was thinking of going off
> the FIPS 140-2 standard, but that limits you to 3DES and AES.  Which
> others should I add in, and in which priority order?
> 
> 2) Recording cipher selection and passphrase/keyfile "fingerprint" in
> metadata on backup server -- Would this leak any information?  i.e.,
> I'd like to identify that all files of a given backup set are
> encrypted with the same key (so during an incremental/snapshot backup,
> the backup server will force a "full" backup if the encryption key
> changes).  To do this, I'd have to include some identifier for the key
> -- this could either be a user-supplied string, or it can be computed
> by taking a one-way hash of the key (on the client) and sending that
> hash to the server.  Any obvious data leakage holes with that?
> 
> Also, for those that didn't get a chance to write it down at the
> meeting, the project page for my Snebu backup is at
> https://github.com/derekp7/snebu and the web site is
> http://www.snebu.com.  Any comments / criticisms / testing feedback
> are welcome.
> 
> Thanks,
> 
> --Derek
> 
> _______________________________________________
> discuss mailing list
> discuss at lists.chicagolug.org
> http://lists.chicagolug.org/cgi-bin/mailman/listinfo/discuss
> 

-- 
Let me teach you encrypted e-mail. eviljoel's PGP fingerprint:
A2BE 2D12 24D1 67CA 8830  DDE7 DFB3 676B 196D 6430
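To make the point in the reply concrete (a fast hash of the passphrase is a cheap offline-guessing target; a slow, salted derivation budgeted at roughly a second is not), here is an added example of deriving a key identifier for the backup-server metadata. It is not Snebu's code and not from either poster; it assumes PBKDF2-HMAC-SHA256 as the slow hash (Python's hashlib has it built in), a 16-byte random salt stored with the backup set, a 64-byte derivation split into an encryption half that never leaves the client and an identifier half used only for the fingerprint, and a hypothetical label string `KEY_ID_LABEL`. The passphrase and iteration count in the demo are constructed values.

```python
"""Key-identifier derivation for a backup client (added example, not Snebu code).

Assumptions (not from the thread): PBKDF2-HMAC-SHA256 as the slow hash,
a 16-byte random salt stored with the backup metadata, and a 64-byte output
split into an encryption half and an identifier half.
"""
import hashlib
import hmac
import os
import time
from typing import Tuple

# Hypothetical label; any fixed, application-specific byte string works.
KEY_ID_LABEL = b"backup-key-id-v1"
DEMO_ITERATIONS = 100_000  # constructed value; calibrate_iterations() picks a real one


def naive_fingerprint(passphrase: str) -> str:
    """The scheme asked about in the thread: one fast hash of the passphrase.

    SHA-256 runs at millions of guesses per second on commodity hardware,
    so a server-side copy of this value is an offline-cracking target.
    """
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def derive_key_material(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted derivation: 64 bytes from PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=64)


def split_key_material(material: bytes) -> Tuple[bytes, bytes]:
    """Encryption key (first 32 bytes, never leaves the client) and
    identifier key (last 32 bytes, used only to compute the fingerprint)."""
    return material[:32], material[32:]


def key_fingerprint(passphrase: str, salt: bytes, iterations: int) -> str:
    """Fingerprint sent to the server alongside the salt and iteration count.

    It is an HMAC under the identifier half, so knowing it (and the salt)
    reveals nothing about the encryption half, and each passphrase guess
    still costs the attacker one full PBKDF2 run.
    """
    _enc_key, id_key = split_key_material(derive_key_material(passphrase, salt, iterations))
    return hmac.new(id_key, KEY_ID_LABEL, "sha256").hexdigest()


def key_changed(stored_fingerprint: str, new_fingerprint: str) -> bool:
    """Server-side check: a differing fingerprint forces a full backup.
    compare_digest avoids a timing side channel on the comparison."""
    return not hmac.compare_digest(stored_fingerprint, new_fingerprint)


def calibrate_iterations(target_ms: float = 1000.0, probe: int = 20_000) -> int:
    """Pick an iteration count so one derivation takes about target_ms
    on this machine (the ~1000 ms budget suggested in the reply)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"calibration", salt, probe, dklen=64)
    elapsed_ms = (time.perf_counter() - start) * 1000.0
    return max(probe, int(probe * target_ms / max(elapsed_ms, 0.001)))


if __name__ == "__main__":
    salt = os.urandom(16)  # store with the backup set metadata
    iters = calibrate_iterations()
    fp = key_fingerprint("correct horse battery staple", salt, iters)  # constructed passphrase
    print(f"iterations={iters} fingerprint={fp}")
    print("full backup needed:", key_changed(fp, key_fingerprint("other passphrase", salt, iters)))
```

The server stores the salt, the iteration count and the fingerprint; on the next incremental run the client recomputes the fingerprint from the same salt and the server compares. Because the identifier half is derived separately from the encryption half, the stored value is useless for decrypting the backup even if the metadata leaks, and the only remaining risk is a dictionary guess at the passphrase, which the iteration count makes slow by design.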
