Re: Account from Keyfile
Thanks very much - exactly what I was looking for :) On Tuesday, May 23, 2017 17:17 ACST, Colin Percival wrote: On 05/23/17 00:35, Stephen Argent wrote: > It does answer my quesetion, yes :) Wasn't sure if there was some hashing > magic going on (though I don't know how) that separated the two :P Am I to > presume all linking is done server-side - i.e. the key itself doesn't directly > contain any information about the account it's tied to? Correct. Key files contain a machine ID, and those IDs are currently visible (albeit not obvious) if you look up your accounting history on the tarsnap website; but while that can let you figure out if a machine belongs to your account, having someone else's keys won't let you figure out what their account is. Colin Percival > On Tuesday, May 23, 2017 17:01 ACST, Colin Percival > wrote: > >> On 05/22/17 20:33, Stephen wrote: >> > Just a quick/simple question (hopefully)! Given a keyfile, can the >> > account be determined from said keyfile (either by ourselves, or >> > Colin)? Or is the account only used to set up + authorise that key >> > file to store on the service, using a one-way only kind of identifier? >> > >> > Just curious if a keyfile can be used to identify an account, or not >> > :) >> >> I haven't figured out how to bill people for their machines' usage without >> knowing which account each machine belongs to. Does that answer your >> question? ;-) >> >> -- >> Colin Percival >> Security Officer Emeritus, FreeBSD | The power to serve >> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid > > > > -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Re: Account from Keyfile
It does answer my quesetion, yes :) Wasn't sure if there was some hashing magic going on (though I don't know how) that separated the two :P Am I to presume all linking is done server-side - i.e. the key itself doesn't directly contain any information about the account it's tied to? On Tuesday, May 23, 2017 17:01 ACST, Colin Percival wrote: On 05/22/17 20:33, Stephen wrote: > Just a quick/simple question (hopefully)! Given a keyfile, can the > account be determined from said keyfile (either by ourselves, or > Colin)? Or is the account only used to set up + authorise that key > file to store on the service, using a one-way only kind of identifier? > > Just curious if a keyfile can be used to identify an account, or not > :) I haven't figured out how to bill people for their machines' usage without knowing which account each machine belongs to. Does that answer your question? ;-) -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Account from Keyfile
Hi there, Just a quick/simple question (hopefully)! Given a keyfile, can the account be determined from said keyfile (either by ourselves, or Colin)? Or is the account only used to set up + authorise that key file to store on the service, using a one-way only kind of identifier? Just curious if a keyfile can be used to identify an account, or not :)
Re: Does anyone want key-resistant tamper-evident archives?
I would be interested in this mainly for the "prove that files have not been modified" aspect - I'm only not interested in the other components because my delete + read keys live offline. Otherwise, I could also see a use-case for that :) On Wed, 07 Sep 2016, Colin Percival wrote: > Hi all, > > Tarsnap is designed to detect if your data is modified: Archives are > cryptographically signed, and the signatures are verified before any > data is extracted. However, this depends on the integrity of the key: > If someone has your delete and write keys, they could delete an archive > and create a new one with the same name, and (since they have the keys) > it would cryptographically validate. > > It occurs to me that we could have a stronger unforgeability property > via out-of-band (non-cryptographic) verification of the archive metadata > hash; even with the keys, it would be impossible to create a different > archive which has the same hash (unless you find a SHA256 collision). In > addition to the "stolen keys" scenario, this could be useful if you need > to prove (e.g., for auditing or legal purposes) that *you* haven't changed > an archive since the time when you created it. > > Is anyone interested in having this functionality? It seems like too > obscure a use case to write code for if nobody wants it yet, but if there's > a demand then it's definitely doable. > > -- > Colin Percival > Security Officer Emeritus, FreeBSD | The power to serve > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Re: argosnap: a script to display tarsnap notifications
Hey atmosx, I like the idea of this - I much prefer Pushover for this sort of stuff as well :) Will check it out! On Sat, 24 Oct 2015, Panagiotis Atmatzidis wrote: > Hello, > > I wanted to inform you that I released ‘argosnap’[1]. Argosnap is a ruby > script that displays the current picoUSD amount in console and can be used to > notify the user when his tarsnap account falls below a predefined picoUSD > threshold. It supports pushover, email and osx notifications. Tarsnap uses > mechanize to fetch data from the website. > > By default, tarsnap will notify you when your account balance falls below 7 > days worth of storage costs. Tarsnap will send 2 emails before erasing your > account. Since my ‘spamd’ setup far from perfect, I was afraid that I might > miss the two-emails notice. Personally, I prefer ‘pushover’ notifications to > my mobile for something like backups. > > Ideas, comments, features that might be useful to anyone etc. are more than > welcomed. > > Best regards, > > [1] https://github.com/atmosx/argosnap > > > Panagiotis (atmosx) Atmatzidis > > email:a...@convalesco.org > URL: http://www.convalesco.org > GnuPG ID: 0x1A7BFEC5 > gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5 > > "Everyone thinks of changing the world, but no one thinks of changing > himself.” - Leo Tolstoy > > > > >
Recovering archives after disk corruption.
Hi all, Tarsnap seems to fit my needs perfectly, backup wise, but I was wondering what the process is for recovering archives after disk corruption. Assuming I have a copy of my /root/tarsnap.key saved on another machine. How do I use this to recover the archives made on the corrupt machine? On a slightly different note, I assume archive names are only unique for each machine? Thanks, ~Stephen -- Stephen Rees-Carter ~ Valorin http://stephen.rees-carter.net/