[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does anyone want key-resistant tamper-evident archives?

On Thu, Sep 8, 2016 at 12:10 AM, Colin Percival <cperciva@tarsnap.com> wrote:
Hi all,

Tarsnap is designed to detect if your data is modified: Archives are
cryptographically signed, and the signatures are verified before any
data is extracted.  However, this depends on the integrity of the key:
If someone has your delete and write keys, they could delete an archive
and create a new one with the same name, and (since they have the keys)
it would cryptographically validate.

It occurs to me that we could have a stronger unforgeability property
via out-of-band (non-cryptographic) verification of the archive metadata
hash; even with the keys, it would be impossible to create a different
archive which has the same hash (unless you find a SHA256 collision).  In
addition to the "stolen keys" scenario, this could be useful if you need
to prove (e.g., for auditing or legal purposes) that *you* haven't changed
an archive since the time when you created it.

Is anyone interested in having this functionality?  It seems like too
obscure a use case to write code for if nobody wants it yet, but if there's
a demand then it's definitely doable.

It is interesting, but I would prefer improvements to restore speed.
I currently need to keep a second backup copy just in case I need a fast restore,
as the restore with tarsnap is unacceptably slow (last time I tested a couple of months ago).


Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid


This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.