Hacker Read

cyphar · 2019-01-20 02:09:46+00:00

I'm not sure why you'd want PFS for backups. The idea of backups is that you have a history (not just a simple mirror) and so having PFS intentionally renders older backups unusable (unless you're storing all the keys -- in which case you have somewhat defeated the point of PFS).

Now, PFS would allow you to handle key compromise by making future backups unreadable. But there are other solutions for this (such as upgradeable encryption).

reply

walterbell | karma 84571 | avg karma 5.55 · | 2019-01-19 19:41:51

> Encrypted offsite backups should have forward secrecy. So different keys for each file and keys file gets backed up encrypted.

Any references on PFS for backups? Was there no existing OSS backup solution that implements PFS?

reply

xmodem | karma 1264 | avg karma 2.86 · | 2020-11-28 15:28:05+00:00

I'm currently writing my own backup tool because of one feature I want that nothing else seems to have. In my opinion, it's not enough to distrust the server where the backups are stored. The client should also not need to keep around a key that can be used to decrypt the backups for the purpose of encrypting new backups.

This is quite easy to accomplish with public key cryptography - just use a new, random AES key for each backup job, then encrypt that with a public key you keep around. The private key can be stored offline in cold storage.

reply

chrisbolt | karma 1972 | avg karma 2.64 · | 2011-04-20 16:10:06

There is an option to encrypt backups.

yitzchok | karma 1 | avg karma 1.0 · | 2018-04-13 14:56:26+00:00

Backups should also be stored and encrypted using the same technique so that you can just delete the key and so access to the data isn't possible.

ex3ndr | karma 988 | avg karma 1.4 · | 2018-06-01 04:27:17+00:00

Backups are encrypted.

StavrosK | karma 1 | avg karma 0.0 · | 2013-05-02 07:03:47

If you only want a backup, why can't you create a read-only key and send that to the backup host?

mynameishere | karma 6317 | avg karma 1.61 · | 2007-11-27 22:26:10+00:00

I could see it for encrypted backups only.

secondChrome | karma 41 | avg karma 4.56 · | 2012-12-28 23:03:45+00:00

...encrypted backups...

ocdtrekkie | karma 24767 | avg karma 2.6 · | 2015-08-26 17:33:32

Backups are much more practical to encrypt and put in the cloud than the software you're actively using. Though hopefully the software we're actively using can be encrypted too.

nostromo | karma 47008 | avg karma 10.15 · | 2021-08-28 15:15:56

Encrypted backups should be a user option at the very least.

onli | karma 8293 | avg karma 3.7 · | 2016-06-02 13:07:39+00:00

Every client would need to make its own backups, automatically. In such a situation it would be probably best to have two backups, those plus a backup of the encrypted data for the clients that fail to do the backups on their own. But you raise a good point: That's difficult to do.

bcjordan | karma 2344 | avg karma 5.3 · | 2022-08-31 20:56:24

Something about the idea of being able to back things up on multiple remote target storage services sounds extra compelling. Simple encryption with robust backup for e.g. text notes.

oakwhiz | karma 1135 | avg karma 2.07 · | 2016-07-25 02:37:14+00:00

Backups of keys are a lot smaller and fit on USB flash drives and CDs. So in practice keeping encrypted backups with multiple keys is easier to deal with

scott_karana | karma 3540 | avg karma 1.9 · | 2016-09-23 10:10:32

Do you mean FDE?

Because an unprivileged account compromise could still get access to your backups in that case.

GPG or TrueCrypt-like would be the way to go there.

reply

jwr | karma 18835 | avg karma 6.7 · | 2012-08-21 09:11:48+00:00

What's even more important, you will be able to encrypt your backups without having to disclose the encryption key in case you ever need to restore (client-side encryption and decryption). This is not the case with Backblaze, which is why I switched to CrashPlan — but I'm still looking for other solutions.

blattimwind | karma 8132 | avg karma 3.26 · | 2018-09-16 16:32:19

Asymmetric crypto for backups feels overrated to me.

The "write-only mode" argument makes sense, if the backup target holds data from other nodes, but that doesn't require asymmetric crypto.

The "shouldn't be able to read own backups by default because what if it's hacked" argument doesn't seem to hold much water to me, because the most valuable secrets will generally be those in active use on the machine.

reply

AnthonyMouse | karma 32571 | avg karma 2.49 · | 2021-12-03 09:58:27

You mean assuming they don't get your private key from the backups.

But then you want to encrypt all the backups and not just the private key, right?

reply

SahAssar | karma 5923 | avg karma 2.35 · | 2021-01-08 15:47:53+00:00

I thought the backups were unencrypted (or encrypted with a key that was specific to backups) for that exact purpose.

zndr | karma 105 | avg karma 3.62 · | 2020-01-20 10:48:44

A seccond PW manager? Not necessary, an offline backup? Great idea. Most PW managers allow you to export in some way shape or form. Doing so and encrypting said file is a great idea, but also something that's hard to do enough for most people that I don't have a good solution.