-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-05-07 17:43, Peter Todd wrote: > On Sun, May 07, 2017 at 12:49:06PM -0500, Andrew David Wong wrote: >> They're not mutually exclusive. You can do both. >> >> I'm the one who reported the key derivation issue [1], but even I >> think qvm-backup is plenty safe as long as you use a high-entropy >> passphrase. (This will no longer be an issue when we switch to >> scrypt in 4.0. [1]) I personally rely on it for my most >> confidential data, and I'm confident that it's not the weakest >> link in my setup. > > FWIW, personally while I frequently use qvm-backup, I always use > the password "a", and instead backup to LUKS-encrypted partitions > formatted with BTRFS (for crappy authentication via BTRFS's > checksums). > > I already rely on LUKS, so I don't see any reason to add another > potential vulnerability to my setup.
The main reason would be for offsite non-drive backups (e.g., file-based upload). > For my usage pattern, I'd actually prefer an option to completely > remove both encryption and authentication to reduce CPU usage > during backups. Based on CPU load, this appears to be the > bottleneck on many of my machines (though this could be > parallelized). > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZD6jPAAoJENtN07w5UDAw1hwP/2QLqHjdskGO+Gu9ZAwE6c8z 9iJle20bZ3tLVNc2lxSwmrm1xT3YxSpzpWEm6yvB5wTtYk6JEWN9F/Wx9PYiw+sz uZBqsN/XWy1QtFWPa3+1hLg1jTBBObFGpdU6YGtEunI/hh3q8dHir9Cyii5DxwfA gaomHyyu8EeMsPlBRex5NPdozWjd5dlugA+Eg9jUKcDZAiTYhTW6tG5KIKUn1RLF oSv9VUa4fUl9nTWlI4SUcHDhmUBKSrFpG3jh8u26xQ9TDqZEIXSGXhQwm+zychFx XeO0ucOKsAg4SXqcRHusj8fRj0564wPLYrWJYdZDsKpdFCe5aAHW3HHUF4+lVw+C u4LDyJMh6iqGuyAidDZQUH5LOrApJryez/BS5DxcvKV7S5tKqu9RqbwDekgrhZhZ 83O/pEjZR0GeDAICuRIfGQTxRBjM3Awx684A2gdKnzDa+OIneoQ9OL0r62SmZ7Tt ww0ySMtHmnPUbckh51qelLHvb+hJyjSqwFrq4ak/bEXHEyMLH23U2f1owgP2RUIl l7aEiFUGxxYxWi0wGE1RSBJgXTe9hRzP8+nxD83oFqsmnjvxkvGp9E5KtaGEFNRa H5aF7gmLcelHJHXRYNkvkhxPA7azGotCxOuJCNEtAixTcDI3CY/ID9fK9cxDvlaE SVqRN62iZ34x7iDw3cFY =ETLi -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/91c88ae6-5438-8326-c350-94347aeb593f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.