[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How (and Why) are nuke keys different than delete keys?



On 04/06/16 22:16, Gavin Wahl wrote:
> I'm curious how delete and nuke permissions can be granted independently. Is
> there a separate HMAC key that just allows nukes
> (http://www.tarsnap.com/crypto.html states that there are only three HMAC
> keys, though).
> 
> Also, how is this feature expected to be useful? Is there some interesting
> security property you get by having a key with delete but not nuke, or vice versa?

Being able to delete a single archive requires being able to read archives;
otherwise you can't figure out which bits need to be deleted.  But nuking
everything doesn't need that.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid