Backup Encryption Choice
Forum: DSL Ideas and Suggestions
Topic: Backup Encryption Choice
started by: s.wang1994
Posted by s.wang1994 on May 07 2008,00:30
Is there a way to make the backup be encrypted with an algorithm other than blowfish? Allowing users to switch to something else like serpent or AES would be nice.
Posted by lucky13 on May 07 2008,02:18
There are several encryption extensions in MyDSL if you're not satisfied with what's included in the base. If DSL were to include alternatives for everything in the base, it wouldn't be small anymore.
Posted by curaga on May 07 2008,14:19
And blowfish is a definite improvement over the previous 3des.
Posted by WDef on May 08 2008,11:30
Not sure I'd entirely agree with that.
bcrypt is smaller and faster perhaps, but it doesn't work in a pipe, so DSL is currently writing unencrypted plaintext to disk before encrypting it, then using bcrypt's overwriting feature to overwrite the plaintext. For strong security, the unencrypted data should never get written to disk in the first place, since (especially on very old drives) overwriting a few times may not prevent recovery of the data, especially when attacked with the right resources, which are not expensive.
Also, bcrypt has not been maintained for a long time. For any program related to security, that is not so good.
In my reading, flaws in the algorithm itself are much less likely these days than common flaws in implementation, as far as vulnerabilities go. Writing to disk in plaintext has to be considered a problematic implementation.
My $0.02 worth.
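
The pipe-based alternative to the write-then-overwrite pattern described in the post above, as an added example that is not part of the original thread and is not DSL's backup script. It assumes OpenSSL 1.1.1 or later (for `-pbkdf2`) and AES-256-CBC; the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: stream the archive through the cipher so that the
# plaintext tarball never exists as a file on disk.
# Assumptions: OpenSSL 1.1.1+ `enc`; passphrase kept in a file (first line).

# Use pipefail where the shell supports it, so a tar failure is not
# hidden behind a successful openssl exit status.
(set -o pipefail) 2>/dev/null && set -o pipefail
umask 077   # temp and output files readable by the owner only

# encrypt_backup SRC_DIR OUT_FILE PASS_FILE
encrypt_backup() {
    local src="$1" out="$2" passfile="$3" tmp
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # tar writes to stdout, openssl reads stdin: only ciphertext hits disk.
    # -pass file: keeps the passphrase out of the process argument list.
    if tar -C "$src" -czf - . |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$passfile" -out "$tmp"
    then
        # Replace the previous backup only after a complete, clean run.
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# restore_backup ENC_FILE DEST_DIR PASS_FILE
restore_backup() {
    local enc_file="$1" dest="$2" passfile="$3"
    mkdir -p "$dest" || return 1
    # Decrypt straight into tar; again no plaintext archive on disk.
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$passfile" -in "$enc_file" |
        tar -C "$dest" -xzf -
}

# Note: `openssl enc` in CBC mode gives confidentiality only. If tampering
# with the stored backup matters, add a MAC over the ciphertext or use a
# tool that provides authenticated encryption.
```
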