[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
additional security (II)
If I understand tarsnap from previous posts correctly, there seem to be
various keys, e.g. for sending data, for deleting data, for listing
data.
Coming back to my previous suggestion to bring the security level more
in accordance with the philosophy adhered to by the Qubes-OS designers
at qubes-os.org, i.e.: 'do not leave your secret passphrases/-words on
a net-connected computer of VM', I would suggest to look into the
possibility of a command line option which would allow users to paste
the required part of the key file in the terminal when needed.
If that would be possible, I could store my keyfile (or -files, as I
think them keys would preferably be stored in separate files) on a
'Vault-VM' which has no physical connection to the internet as it is
'perfectly isolated' using Intel's VT-d and VT-x processor features
and thanks to Qubes-OS's design (and hopefully implementation).
Then, when invoking tarsnap with the --paste-keys (or whatever) option,
I could be queried for the appropriate key (for writing, reading,
deleting) whenever needed and copy/paste it from the Vault-VM into the
VM's terminal running tarsnap at that moment.
The (part of the) keyfile would then only reside in RAM during the time
that tarsnap is running (and does it really need to stay there all the
time?), making it more difficult for hackers to catch it.
Impossible? Or even nonsense talk? I'm not such a 'code reader' that I
can easily find this myself in 'the source code', and maybe someone has
enough knowledge of the inner workings to find it easy to answer this
question.
And please, after Snowden's publications, don't call me 'truly
paranoid' anymore. 'Truly realistic' would be more appropriate ;-)
.