On Thu, Sep 8, 2016 at 12:10 AM, Colin Percival <cperciva@tarsnap.com> wrote:
Hi all,
Tarsnap is designed to detect if your data is modified: Archives are
cryptographically signed, and the signatures are verified before any
data is extracted. However, this depends on the integrity of the key:
If someone has your delete and write keys, they could delete an archive
and create a new one with the same name, and (since they have the keys)
it would cryptographically validate.
It occurs to me that we could have a stronger unforgeability property
via out-of-band (non-cryptographic) verification of the archive metadata
hash; even with the keys, it would be impossible to create a different
archive which has the same hash (unless you find a SHA256 collision). In
addition to the "stolen keys" scenario, this could be useful if you need
to prove (e.g., for auditing or legal purposes) that *you* haven't changed
an archive since the time when you created it.
Is anyone interested in having this functionality? It seems like too
obscure a use case to write code for if nobody wants it yet, but if there's
a demand then it's definitely doable.
It is interesting, but I would prefer improvements to restore speed.
I currently need to keep a second backup copy just in case I need a fast restore,
as the restore with tarsnap is unacceptably slow (last time I tested a couple of months ago).
Cheers
Raphaël
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
--
| Raphael Bauduin | Senior R&D Engineer | |
| raphael.bauduin@tessares.net | +32 10 392 252 | |
| Tessares SA www.tessares.net 6 Rue Louis de Geer, 1348 Louvain-la-Neuve, Belgium |