Improving security of encrypted backup/restoreForum: DSL Ideas and Suggestions Topic: Improving security of encrypted backup/restore started by: WDef Posted by WDef on Sep. 16 2005,08:47
The backup/restore process is one of dsl's most useful features. Robert's work on dsl is awe inspiring. That said, here are some ideas::Currently in dsl-1.5 using "protect", the backup/restore script filetool.sh temporarily writes backup.tar.gz to the backup device in plaintext before encrypting and after decrypting. This means an attacker gaining control of the backup device might recover all or part of the unencrypted tarball using appropriate tools. Also, if an incorrect password is entered twice at the prompts during boot time, decryption fails but the incorrect password nevertheless remains stored in /etc/sysconfig/des. On subsequently backing up, or just rebooting with the default powerdown.sh, the non-restored system gets backed up and encrypted with the incorrect password, replacing the needed backup.des. I've hacked the scripts slightly to try fixes for these issues. Named pipes are used to communicate between des and tar, thus avoiding writing plaintext temp files to the backup medium, and /etc/sysconfig/des gets deleted if decryption fails. You can test these, strictly AYOR. For convenience I packaged the altered scripts as an extension - note this must be put on your mydsl drive and autoloaded *during* boot (NOT after). Download (r click, "save as") < here > md5sum is c83ce8296f5812dc78b04cf701e5912c (check it). These are unofficial experiments, don't use to backup/restore critical data. Behavior differs from that of the standard scripts. Make copies of your backup tarballs beforehand. Posted by mikshaw on Sep. 16 2005,13:28
While I have little interest in the subject at hand, it's nice to see people with the knowledge and desire to hack up DSL. Please feel free to share more ideas in the future =o)
Posted by roberts on Sep. 16 2005,16:42
Thanks for the kind words, WDef. Sometimes it seems like thanks or kind words are few and far between. Sometimes, because I don't post often, not in irc much, many may not even know of my efforts. I do code everything in script, be it bash, lua, or luafltk so that others like yourself can easily read them. I thank you for taking the interest and time to do such and even more so for sharing your thoughts and improvements. Look for your named pipes for enhanced security to be included in the next release.Robert Posted by RoGuE_StreaK on Sep. 17 2005,01:12
Don't worry, we all love you Robert
Posted by adssse on Sep. 17 2005,04:32
WDef, I am really impressed I had no idea how that all worked, thanks for sharing.Robert, I think we all have alot of respect for you, we probably just dont express our thanks as much as we should. Posted by Bert on Sep. 17 2005,08:46
Those fixes are very important, man. Well done and thanks!
Posted by WDef on Sep. 17 2005,08:57
Thanks for the thanks Robert - I'm only too glad to be of assistance. |