[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Revocation



Matthias-Christian Ott wrote:
> as far as I unsterstood it, tarsnap uses symmetric keys for signing and
> hashing data. You can submit the key to the server to authenticate
> to the server and ensure that the data is transfered correctly.
> This sounds very reasonable and secure to me.

You may be mixing up two different things here.  Tarsnap uses asymmetric
keys (to be specific, RSA) to sign and encrypt data; but uses symmetric
keys (to be specific, HMAC-SHA256) to authenticate requests it issues to
the Tarsnap server.  (This matters because it means that the keys which
the Tarsnap server holds aren't enough to allow it / me to read your data
or forge archives.)

> However, I couldn't find a way to revoke a key, in case it is
> compromised or lost. Is this a design descision, a drawback of
> symmetric cryptography or have I simply overlooked something?

I haven't put the necessary code in place yet to allow machines to be
disabled in Tarsnap except as part of killing an account (when people
run out of money or decide they don't want to use Tarsnap any more).  I
do plan on doing this soon; in the mean time, please contact me directly
if you think someone might be accessing Tarsnap using your keys. :-)

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid