Hello,

2013/4/7 Adrian Reyer <bacula-li...@lihas.de>

> On Sun, Apr 07, 2013 at 09:03:34PM +0200, Radosław Korzeniewski wrote:
> > I think it is not possible to properly handle encrypted sparse data blocks
> > without compromising security. The main data block size is 64kB long, so
> > an encrypted block should be more than 64kB long. Now, if we have a sparse
> > block then its size is tens of bytes instead of 64kB, so the encrypted block
> > will be tens of bytes too, not 64kB. So, if we have an encryption
> > stream with a number of 64kB blocks (block boundary information is
> > available on volume) and suddenly we get a short block then for sure
> > it will be a sparse block (I'm sure a sparse block has its own stream
> > number), then we can predict content. It is not good for security if we can
> > predict original content. Think about it.
>
> I am no mathematician but I don't really see how sparse blocks compromise
> security in a real way. All an attacker knows is that a file that claims
> to be 10G is only 10M,


It is not a problem with file size. It is a problem with encryption of
known content. Known plaintext attack:
http://en.wikipedia.org/wiki/Known-plaintext_attack. I'm not a security
specialist either, so I can't confirm or deny we can use this attack against the
Bacula Encryption functionality, but avoiding this kind of situation is a
good practice.

If I'm wrong, then the functionality change is very simple and could be
implemented in Bacula in a few minutes.

best regards
-- 
Radosław Korzeniewski
rados...@korzeniewski.net
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
