[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How (and Why) are nuke keys different than delete keys?

To: Gavin Wahl <gavinwahl@gmail.com>, tarsnap-users@tarsnap.com
Subject: Re: How (and Why) are nuke keys different than delete keys?
From: Colin Percival <cperciva@tarsnap.com>
Date: Wed, 6 Apr 2016 22:31:05 -0700
In-reply-to: <CACPudh3y+6-czn4UA6MX9nSXB3wRk9oJh-wdWf0gt+rSn-NY1w@mail.gmail.com>
References: <CACPudh3y+6-czn4UA6MX9nSXB3wRk9oJh-wdWf0gt+rSn-NY1w@mail.gmail.com>

On 04/06/16 22:16, Gavin Wahl wrote:
> I'm curious how delete and nuke permissions can be granted independently. Is
> there a separate HMAC key that just allows nukes
> (http://www.tarsnap.com/crypto.html states that there are only three HMAC
> keys, though).
> 
> Also, how is this feature expected to be useful? Is there some interesting
> security property you get by having a key with delete but not nuke, or vice versa?

Being able to delete a single archive requires being able to read archives;
otherwise you can't figure out which bits need to be deleted.  But nuking
everything doesn't need that.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid

References:
- How (and Why) are nuke keys different than delete keys?
  - From: Gavin Wahl <gavinwahl@gmail.com>

Prev by Date: How (and Why) are nuke keys different than delete keys?
Next by Date: tarsnap-keygen: Error registering with server (too many network failures)
Previous by thread: How (and Why) are nuke keys different than delete keys?
Next by thread: tarsnap-keygen: Error registering with server (too many network failures)
Index(es):
- Date
- Thread