Hello,
2013/4/7 Alberto Caporro <a.capo...@consulthink.it>
> Hi Marcin,
>
> you're right, disabling encryption solved the issue. I'll both point out
> the lack in documentation and ask for an improvement on this.
>
>
I think it is not possible to properly handle encrypted sparse data blocks
without compromising security. The main data block size is 64kB long, so
encrypted block should be more than 64kB long. Now, if we have a sparse
block then its size is tens of bytes instead of 64kB, so encrypted block
will be at the tens of bytes too not 64kB. So, if we have an encryption
stream with a number of 64kB blocks (block boundary information is
available on volume) and suddenly we will got a short block then for sure
it will be a sparse block (I'm sure sparse block has its own stream
number), then we can predict content. It is not good for security if we can
predict original content. Think about it.
best regards
--
Radosław Korzeniewski
rados...@korzeniewski.net
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
