Re: Transport encryption

2021-10-07 Thread Kamil Jońca
Marc Schulz-Narres writes: > Hello, > > I was wondering whether amanda traffic between client and server is > transport encrypted. > > From the mailing list archive and Documentation I assume, that it is > only encrypted if I use SSH as transport. Is that correct? > Or something like stunnel.

Transport encryption

2021-10-07 Thread Marc Schulz-Narres
Hello, I was wondering whether amanda traffic between client and server is transport encrypted. From the mailing list archive and Documentation I assume, that it is only encrypted if I use SSH as transport. Is that correct? Best regards, Marc -- Marc Schulz-Narres IT Security and

RE: Encryption information

2021-09-20 Thread David Simpson
; amanda-users@amanda.org Subject: Re: Encryption information Maybe https://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption

Re: Encryption information

2021-09-20 Thread Jens Berg
Maybe https://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption is what you are looking for? On 20.09.2021 10:39, David Simpson wrote: Looking for any useful information and scripts on encryption with Amanda (and not hardware encryption done by the tape library itself). thanks

Encryption information

2021-09-20 Thread David Simpson
Looking for any useful information and scripts on encryption with Amanda (and not hardware encryption done by the tape library itself). thanks - David Simpson - Senior Systems Engineer ARCCA, Redwood Building, King Edward VII Avenue, Cardiff, CF10 3NB David Simpson - peiriannydd

Re: native LTO encryption with Amanda

2020-05-20 Thread Uwe Menges
On 2020-05-19 23:56, Chris Hoogendyk wrote: > I've seen discussions of amcrypt and pgp (I confess I haven't followed > them closely), but is it possible to configure amanda to handle keys for > the native LTO drive encryption? It isn't really "configure amanda" in the

Re: native LTO encryption with Amanda

2020-05-20 Thread Diego Zuccato
On 19/05/20 23:56, Chris Hoogendyk wrote: > is it possible to configure amanda to handle keys for > the native LTO drive encryption? I rarely trust some HW features like encryption, RAID and compression... They tend to render the devices way less interoperable and make recovery way

native LTO encryption with Amanda

2020-05-19 Thread Chris Hoogendyk
I've seen discussions of amcrypt and pgp (I confess I haven't followed them closely), but is it possible to configure amanda to handle keys for the native LTO drive encryption? If it makes a difference, I have three different Amanda backup servers, two with LTO7 and one with LTO6. One

Enforcing the encryption client side

2016-02-24 Thread Dirk-Willem van Gulik
Using a dumptype definition like below on the server: define dumptype client-pubkey-encrypt-comp { ... compress client encrypt client client_encrypt "/usr/local/sbin/amcrypt-ossl-asym" client_decrypt_option "-d" .. } makes public key dumping work fine - with no need for the private

Re: anyone using native tape drive encryption?

2013-04-17 Thread Sven Rudolph
Marcus Pless mpl...@servo.ucsd.edu writes: I'm researching a possible LTO6 library purchase and we would very much like to take advantage of the encryption capabilities of the tape drives. My understanding is that this requires an Encryption Key Manager server, which the library vendors

Re: anyone using native tape drive encryption?

2013-04-17 Thread Marcus Pless
On 04/17/2013 02:25:05 AM, Sven Rudolph wrote: Marcus Pless mpl...@servo.ucsd.edu writes: I'm researching a possible LTO6 library purchase and we would very much like to take advantage of the encryption capabilities of the tape drives. My understanding is that this requires an Encryption

anyone using native tape drive encryption?

2013-04-16 Thread Marcus Pless
I'm researching a possible LTO6 library purchase and we would very much like to take advantage of the encryption capabilities of the tape drives. My understanding is that this requires an Encryption Key Manager server, which the library vendors are all too happy to sell me. Is anyone actually

Re: Windows - ZWC Encryption

2012-04-03 Thread Prashant Joshi
Hi April, I am assuming that you are using a Community version of ZWC. Encryption is not supported in the Community version of ZWC. It is only supported in the Enterprise version. This is the reason why ZWCService is crashing when a request for encrypted backup is sent by the Amanda server

RE: Windows - ZWC Encryption

2012-04-03 Thread April Rosenberg
Thank you, I am. I will look at upgrading. April *From:* prashant.zma...@gmail.com [mailto:prashant.zma...@gmail.com] *On Behalf Of *Prashant Joshi *Sent:* Tuesday, April 03, 2012 1:00 AM *To:* April Rosenberg *Cc:* amanda-users@amanda.org *Subject:* Re: Windows - ZWC Encryption Hi April

Re: Windows - ZWC Encryption

2012-04-03 Thread Chris Nighswonger
] *On Behalf Of *Prashant Joshi *Sent:* Tuesday, April 03, 2012 1:00 AM *To:* April Rosenberg *Cc:* amanda-users@amanda.org *Subject:* Re: Windows - ZWC Encryption Hi April, I am assuming that you are using a Community version of ZWC. Encryption is not supported in the Community version

Windows - ZWC Encryption

2012-04-02 Thread April Rosenberg
Good Afternoon, I am having a problem setting up encryption for my windows client. I have been trying to research this, and I found some instructions, but I keep getting “connection reset by peer”. The two folders who aren’t using encryption work, so I believe my Amanda.conf file is correct

amzfs-sendrecv and encryption

2011-09-26 Thread Leon Meßner
Hi, I'm currently planning to migrate a FreeBSD UFS storage to ZFS. This machine is currently running amanda 2.6.x server+client to create encrypted backups on an NFS mounted offsite machine. It would be nice to continue using amanda to backup the ZFS, but I require fast (so symmetric) encryption

Re: amzfs-sendrecv and encryption

2011-09-26 Thread Jean-Louis Martineau
, but I require fast (so symmetric) encryption and the offsite storage pool should not be able to access any cleartext data. Is this possible with amzfs-sendrecv or would I need to stay with amcrypt-ossl and tar etc. ? You can keep the same encryption setting when you change the backup application

[Amanda-users] amanda 2.5.1 on FreeBSD encryption problems and solution

2009-04-08 Thread cpreston
Just FYI, this exact message, using the same or similar user names, has been spammed to other forums as well. It appeared on Linuxquestions.org today just tacked onto a thread where I had been helping someone work through some issues with their Amanda configuration. It was the first post on

[Amanda-users] amanda 2.5.1 on FreeBSD encryption problems and solution

2009-04-07 Thread encryptionguru
I found about this PCI based hardware products from Indra Networks which can make backup of Amanda faster and also encrypt the data. See if you find this useful. I have not used this personally, but looks like good help. +--

Re: [Amanda-users] amanda 2.5.1 on FreeBSD encryption problems and solution

2009-04-07 Thread Dustin J. Mitchell
like good help. I assume this is an encryption coprocessor, and it's worth noting that this only helps if the apps Amanda is using for encryption are compiled to support it. +-- |This was sent by sameervit...@yahoo.com via Backup

Re: [Amanda-users] amanda 2.5.1 on FreeBSD encryption problems and solution

2009-04-07 Thread Chris Hoogendyk
this personally, but looks like good help. I assume this is an encryption coprocessor, and it's worth noting that this only helps if the apps Amanda is using for encryption are compiled to support it. +-- |This was sent

RE: [Amanda-users] amanda 2.5.1 on FreeBSD encryption problems and solution

2009-04-07 Thread Matt Simmons
@amanda.org Subject: Re: [Amanda-users] amanda 2.5.1 on FreeBSD encryption problems and solution Dustin J. Mitchell wrote: On Tue, Apr 7, 2009 at 7:37 AM, encryptionguru amanda-fo...@backupcentral.com wrote: I found about this PCI based hardware products from Indra Networks which can make

Does anybody have client side encryption working on FreeBSD?

2009-02-26 Thread Oscar Ricardo Silva
This has come up in the past but so far I haven't seen an actual solution ... does anybody have client side encryption working on FreeBSD? I have it working fine with my linux clients and for now I'm using server side encryption for the freebsd clients but it puts too high a load

Re: Tape library with hardware encryption

2009-02-11 Thread Sven Rudolph
Nicki Messerschmidt amand...@alienn.net writes: does anyone know a good tape library which supports hardware encryption under linux with amanda? Any LTO-4 drive supports encryption, but you need special software to control it. An LTO FAQ (http://www.lto-technology.com/About/faq.php) says

Re: Tape library with hardware encryption

2009-02-10 Thread Chris Hoogendyk
hmm, seems to me if you are looking for a good tape library with hardware encryption, you could probably more easily afford a faster server running linux that would do the encryption. Since you need to balance the server capabilities with the tape library, you might need this anyway. I've seen

Re: Tape library with hardware encryption

2009-02-10 Thread Joshua Baker-LePain
On Tue, 10 Feb 2009 at 8:51am, Nicki Messerschmidt wrote does anyone know a good tape library which supports hardware encryption under linux with amanda? I thought about an lto-4 drive but there seems no linux support for the encryption part and gpg is too slow on this machine... ;) To second

Tape library with hardware encryption

2009-02-09 Thread Nicki Messerschmidt
Hi, does anyone know a good tape library which supports hardware encryption under linux with amanda? I thought about an lto-4 drive but there seems no linux support for the encryption part and gpg is too slow on this machine... ;) Cheers Nicki

amanda 2.5.1 on FreeBSD encryption problems and solution

2008-09-13 Thread Angelo Höngens
# 24 bytes: random seed string # remaining bytes are aespipe encrypted # These definitions are only used when encrypting. # Decryption will autodetect these definitions from archive. ENCRYPTION=AES256 HASHFUNC=SHA256 ITERCOUNTK=100 WAITSECONDS=1 AMANDA_HOME=~operator GPGKEY=$AMANDA_HOME/.gnupg

RE: gpg encryption

2008-08-01 Thread Paul Crittenden
export/home/pdc/maple lev 0 FAILED [data write: Broken pipe] The amdump.1 file contains the error: gpg: amanda: skipped: public key not found gpg: [stdin]: encryption failed: public key not found However, when I run the command, as amanda, gpg --list-keys I get: /export/home/amanda

RE: gpg encryption

2008-08-01 Thread Johan Booysen
15:04 To: Johan Booysen Cc: amanda-users@amanda.org Subject: RE: gpg encryption Johan, My client and server are the same machine. My config looks the same as yours. I had this working on an old system but not now. Did you configure and compile amanda with any special settings? Paul

SUMMARY: Amanda Encryption

2008-01-10 Thread Paul Crittenden
I finally got encryption working a lot of trial and error thanks mostly to Dustin Mitchell and asking questions on the gpg discussion list. I gave up on aespipe because it just didn't seem to want to work on Solaris. I then tried to use amgpgcrypt and finally got that to work. Here are 2 links

RE: Amanda encryption

2008-01-07 Thread Paul Crittenden
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin J. Mitchell Sent: Friday, January 04, 2008 4:03 PM To: Paul Crittenden Cc: amanda-users@amanda.org Subject: Re: Amanda encryption On Jan 4, 2008 3:39 PM, Paul Crittenden [EMAIL PROTECTED] wrote: Well, since I have received

Re: Amanda encryption

2008-01-07 Thread Dustin J. Mitchell
-users@amanda.org Subject: Re: Amanda encryption On Jan 4, 2008 3:39 PM, Paul Crittenden [EMAIL PROTECTED] wrote: Well, since I have received no response on my enquiry, I am assuming that either no one is using the encryption feature of amanda or I am the only one to have this issue

RE: Amanda encryption

2008-01-07 Thread Paul Crittenden
encryption I assume that the '18' in the amdump logfile is coming from this line: seedstr=`head 18 /dev/urandom | uuencode - | head -n 2 | tail -1` and that this is probably a result of non-portable shell (or, in this case, 'head') syntax. You can replace all of those 'head NN' with 'sed

Re: Amanda encryption

2008-01-07 Thread Dustin J. Mitchell
On Jan 7, 2008 3:09 PM, Paul Crittenden [EMAIL PROTECTED] wrote: Dustin, When I run amaespipe, by itself, I get the usage error message the first 2 times and then the third and subsequent times I get the following: # amaespipe bz2aespipe%10uu00MDGVU,T;M_I:)BBXZQM1Z$+MMVF5@*K3TMV@7AM-FI(ZSBQY

RE: Amanda encryption

2008-01-07 Thread Paul Crittenden
Here it is and yes I have corrected the head and tail entries. $ sh -x amaespipe ENCRYPTION=AES256 HASHFUNC=SHA256 ITERCOUNTK=100 WAITSECONDS=1 AMANDA_HOME=/export/home/amanda GPGKEY=/export/home/amanda/.gnupg/am_key.gpg FDNUMBER=3 PATH=/usr/bin:/usr/local/bin:/sbin:/usr/sbin + export PATH + test

RE: Amanda encryption

2008-01-04 Thread Paul Crittenden
Well, since I have received no response on my enquiry, I am assuming that either no one is using the encryption feature of amanda or I am the only one to have this issue. Because of the data I am trying to backup I have been charged with making encrypted backups. I was hoping that Amanda would

RE: Amanda encryption

2008-01-04 Thread Paul Crittenden
: Amanda encryption On Jan 4, 2008 3:39 PM, Paul Crittenden [EMAIL PROTECTED] wrote: Well, since I have received no response on my enquiry, I am assuming that either no one is using the encryption feature of amanda or I am the only one to have this issue. Because of the data I am trying

Re: Amanda encryption

2008-01-04 Thread Dustin J. Mitchell
On Jan 4, 2008 3:39 PM, Paul Crittenden [EMAIL PROTECTED] wrote: Well, since I have received no response on my enquiry, I am assuming that either no one is using the encryption feature of amanda or I am the only one to have this issue. Because of the data I am trying to backup I have been

Re: Amanda encryption

2008-01-04 Thread Gene Heskett
On Friday 04 January 2008, Paul Crittenden wrote: Well, since I have received no response on my enquiry, I am assuming that either no one is using the encryption feature of amanda or I am the only one to have this issue. Because of the data I am trying to backup I have been charged with making

Amanda encryption

2008-01-02 Thread Paul Crittenden
I have amanda installed and working but now I am trying to set up encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I have followed the instructions from the URL: http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption Everything installed fine but when I try to do I

Another question about Encryption with Amanda

2007-12-19 Thread Paul Crittenden
I have amanda installed and working but now I am trying to set up encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I have followed the instructions from the URL: http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption I got it all set up and the key created but now

Re: Encryption with Amanda

2007-12-18 Thread Chris Hoogendyk
Paul Crittenden wrote: I have amanda installed and working but now I am trying to set up encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I have followed the instructions from the URL: http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption Everything installed

RE: Encryption with Amanda

2007-12-18 Thread Paul Crittenden
] On Behalf Of Chris Hoogendyk Sent: Tuesday, December 18, 2007 9:42 AM To: Paul Crittenden Cc: amanda-users@amanda.org Subject: Re: Encryption with Amanda Paul Crittenden wrote: I have amanda installed and working but now I am trying to set up encryption. I am using v2.5.2p1 on a Sun server running

Encryption with Amanda

2007-12-17 Thread Paul Crittenden
I have amanda installed and working but now I am trying to set up encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I have followed the instructions from the URL: http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption Everything installed fine but when I try to do

Server encryption error?

2007-11-09 Thread Matthew Moffitt
I'm using amanda 2.5 and followed the HowTo instructions to setup encryption w/aespipe and gpg. I believe I've done everything correctly and all components seem to work together nicely but when amanda runs it fails to encrypt the data although it proceeds to back it up, only w/o encryption

Encryption, compression

2007-10-30 Thread Brian Cuttler
Amanda users, I may have missed it in the mailing list... I know that encryption came available in 2.5.0, either server side or client side, or the channel (though I think encrypting on the client provides an encrypted channel by default, true ?) Anyway, I was wondering and haven't seen... how

Re: Encryption, compression

2007-10-30 Thread Chris Hoogendyk
Brian Cuttler wrote: Amanda users, I may have missed it in the mailing list... I know that encryption came available in 2.5.0, either server side or client side, or the channel (though I think encrypting on the client provides an encrypted channel by default, true ?) Anyway, I was wondering

RE: Encryption, compression

2007-10-30 Thread donald.ritchey
In my (admittedly limited) experience with encryption and compression, the rule of thumb has always been to compress first (removing exploitable redundancy and pattern repetitions) and then encrypt. It also has the advantage that you are encrypting less volume and reducing the exploitable

RE: Encryption, compression

2007-10-30 Thread Michael Loftis
Good crypto will produce relatively random output data. Compressing prior to encrypting if storing encrypted is typically a must. --On October 30, 2007 6:06:09 PM -0500 [EMAIL PROTECTED] wrote: In my (admittedly limited) experience with encryption and compression, the rule of thumb has

Re: The question about krb5 encryption

2007-09-21 Thread Takashi Kurakata
is being done by RHEL5 now. The version of amanda is 2.5.0p2-4. I want to construct amanda with the krb5 encryption between the backup server and the backup client. When the amcheck -c command was executed, the following error messages were output. /etc/amanda/DailySet1/amanda.conf

Re: The question about krb5 encryption

2007-09-21 Thread Jean-Louis Martineau
Takashi Kurakata wrote: Thank you for answering my question. krb5keytab and krb5principal are global parameter, they are not dumptype parameter. I deleted krb5keytab and krb5principal from dumptype. When I executed amcheck in the kerberos environment, the following messages were output.

The question about ssh encryption

2007-09-20 Thread Takashi Kurakata
Hi all, I am using amanda that the bundle is being done by RHEL5 now. The version of amanda is 2.5.0p2-4. I want to construct amanda with the ssh encryption between the backup server and the backup client. When the amcheck command was executed, the following error messages were output

Re: The question about ssh encryption

2007-09-20 Thread Jean-Louis Martineau
amanda with the ssh encryption between the backup server and the backup client. When the amcheck command was executed, the following error messages were output. /etc/amanda/DailySet1/amanda.conf, line xxx: dump type parameter expected /etc/amanda/DailySet1/amanda.conf, line xxx: end

The question about krb5 encryption

2007-09-20 Thread Takashi Kurakata
Hi all, I am using amanda that the bundle is being done by RHEL5 now. The version of amanda is 2.5.0p2-4. I want to construct amanda with the krb5 encryption between the backup server and the backup client. When the amcheck -c command was executed, the following error messages were output

Re: The question about ssh encryption

2007-09-20 Thread Mario Silva
is 2.5.0p2-4. I want to construct amanda with the ssh encryption between the backup server and the backup client. When the amcheck command was executed, the following error messages were output. /etc/amanda/DailySet1/amanda.conf, line xxx: dump type parameter expected /etc/amanda

Re: The question about krb5 encryption

2007-09-20 Thread Jean-Louis Martineau
is 2.5.0p2-4. I want to construct amanda with the krb5 encryption between the backup server and the backup client. When the amcheck -c command was executed, the following error messages were output. /etc/amanda/DailySet1/amanda.conf, line xxx: dump type parameter expected /etc/amanda

Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-09-05 Thread Klas Heggemann
skip kerberos encryption on some file systems. We now run this for our amanda backups, and things go very well. Thanks for adding this option. We will keep an eye on releases and will build and test next stable version with this option included. Jean-Louis /klas

Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-08-21 Thread Klas Heggemann
On 20 Aug 2007 at 19:13, Jean-Louis Martineau wrote: Klas Heggemann wrote: Hi! We are in the transition from amanda 2.4.2 to 2.5.2. We seem to have a working build and configuration. We've also switched from Solaris 9 to 10, and newer hardware. However, with 2.5.2 encryption is no longer

Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-08-21 Thread Greg Troxel
It's broken that krb5 encryption is a compile time flag rather than a dumptype option. With 2.4 and krb4, it's a dumptype option. I fixed 2.5's krb4 encryption, but I think by leaving it on always, and my fuzzy memory is that adding it on a per-dumptype basis required adding it to the protocol

Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-08-21 Thread Jean-Louis Martineau
Klas, Try amanda-2.5.3alpha-kencrypt.tar.gz from http://www.zmanda.com/community-builds.php It adds support for the DLE kencrypt option with krb5. I don't know how to change the encryption method. Jean-Louis Klas Heggemann wrote: On 20 Aug 2007 at 19:13, Jean-Louis Martineau wrote: Klas

Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-08-20 Thread Klas Heggemann
Hi! We are in the transition from amanda 2.4.2 to 2.5.2. We seem to have a working build and configuration. We've also switched from Solaris 9 to 10, and newer hardware. However, with 2.5.2 encryption is no longer an option, when using Kerberos 5 authentication. The backup server seems

Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-08-20 Thread Klas Heggemann
Klas Heggemann wrote: Hi! We are in the transition from amanda 2.4.2 to 2.5.2. We seem to have a working build and configuration. We've also switched from Solaris 9 to 10, and newer hardware. However, with 2.5.2 encryption is no longer an option, when using Kerberos 5 authentication

Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-08-20 Thread Jean-Louis Martineau
Klas Heggemann wrote: Hi! We are in the transition from amanda 2.4.2 to 2.5.2. We seem to have a working build and configuration. We've also switched from Solaris 9 to 10, and newer hardware. However, with 2.5.2 encryption is no longer an option, when using Kerberos 5 authentication

Encryption questions

2007-07-03 Thread Dustin J. Mitchell
servers (AIX and SUN). It works perfectly. We asked to do backup encryption of one of the File Systems. Do we need to install a new package? We use gpg encryption for other purpose. How to integrate it to Amanda? Any help/suggestions will be greatly appreciated. Amanda 2.5.0 supports

Re: encryption with 2.5.0b2

2006-02-23 Thread Josef Wolf
of using multi-key which a strong point of aespipe. OK, I see. multi-key was the magic word that (after some googling) made me understand what's going on here. AFAICS, multi-keys can prevent watermark-attacks? Are there more advantages to them? And it's a symmetric encryption

Re: encryption with 2.5.0b2

2006-02-23 Thread Kevin Till
attack almost impossible given that the passphrase is not in the wrong hand. And it's a symmetric encryption and to facilitate automatic backup, the passphrase has to be stored somewhere. This is (one) of the reasons why I'd prefer a pubkey method: You don't have the passphrase lying around

Re: encryption with 2.5.0b2

2006-02-23 Thread Jon LaBadie
developers want to switch to devmapper. Please correct me and clarify if I'm wrong. devmapper seems to be merged into the mainline Linux and loop-aes has not. However, for the purpose of backup encryption, it's still a valid solution. Debian and Gentoo distribute it and it's actively maintained

Re: encryption with 2.5.0b2

2006-02-23 Thread Kevin Till
because the kernel developers want to switch to devmapper. Please correct me and clarify if I'm wrong. devmapper seems to be merged into the mainline Linux and loop-aes has not. However, for the purpose of backup encryption, it's still a valid solution. Debian and Gentoo distribute it and it's

encryption with 2.5.0b2

2006-02-22 Thread Josef Wolf
Hello! Now that 2.5.0b2 seems to run pretty stable, I'd like to try the new encryption functionality. I've read wiki.zmanda.com/index.php/Encryption, but have still some questions: - What is the point to uuencode and encrypt (with gpg) random data to generate the key? Since the passphrase

Re: new feature: client-side, server-side encryption dumptype option

2006-01-17 Thread Greg Troxel
[horror stories about wayward tapes with client data] If I had machines with such customer data, I'd probably choose differently for that data. And I'd then be willing to spend the money to ensure availability, which is then more challenging. The above examples show that having unencrypted

Re: new feature: client-side, server-side encryption dumptype option

2006-01-17 Thread Ian Turner
On Tuesday 17 January 2006 06:10 am, you wrote: You're making unwarranted assumptions about other people's situations, and telling them what to do without even understanding their needs. Even if you do understand, the policy choice is theirs to make. Some people have data that doesn't have

Re: new feature: client-side, server-side encryption dumptype option

2006-01-17 Thread Stefan G. Weichinger
Ian Turner wrote: On Tuesday 17 January 2006 06:10 am, you wrote: You're making unwarranted assumptions about other people's situations, and telling them what to do without even understanding their needs. Even if you do understand, the policy choice is theirs to make. Some people have data

Re: new feature: client-side, server-side encryption dumptype option

2006-01-05 Thread Josef Wolf
with data of 2 million credit users. Really, I am trying to ask you to think about keeping transport and storage encryption conceptually separate, even if you have a mechanism that does both without any bits on the server. The above examples show that having unencrypted backups is not really

Re: new feature: client-side, server-side encryption dumptype option

2006-01-01 Thread Josef Wolf
, ranging from rm -rf / to a disk failing, to total loss of the building due to fire/flood/etc. So you want the benefits of encryption but don't want to pay the price? Sounds strange to me. So the notion that things are encrypted but the key is on the tape means that I can no longer read my backup

Re: new feature: client-side, server-side encryption dumptype option

2005-12-30 Thread Geert Uytterhoeven
On Thu, 29 Dec 2005, Kevin Till wrote: Another point I want to add is that while public-key encryption allows you to encrypt the data with just the public-key and store away the private-key. It does require more computational resources, thus much slower than symmetric encryption

Re: beep! (encryption, multiplexing...)

2005-12-30 Thread Matt Hyclak
On Thu, Dec 29, 2005 at 04:18:09PM -0800, Kevin Till enlightened us: I agree with Paddy that ssh provides transport encryption and authentication. The only caveat is that the amanda binary needs to be installed at the same location in the server as well as in the client since server

Re: beep! (encryption, multiplexing...)

2005-12-30 Thread Paddy Sreenivasan
On 12/29/05, Todd Kover [EMAIL PROTECTED] wrote: Just because it's almost newyear, and I have seen The Light... (or was that just an illusion?) Some thoughts about the new proposed features, concerning: - multiplexing the data streams, error stream, index stream, over

Re: beep! (encryption, multiplexing...)

2005-12-30 Thread Todd Kover
Yes. Multiplexing the data streams/error stream/index stream over one connection is a good idea. Kevin Till has done some investigation in this area. I hope he will comment on this. The Kerberos 5 implementation in 2.5.0 actually does all this over one tcp connection

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 Thread Greg Troxel
admits future good things and doesn't make them harder. So E has no disadvantages here. With respect to confidentiality, no. But E is weaker than the cases that don't encrypt tapes from the backup availability perspective. No doubt here. As long as encryption is an _option_, no one

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 Thread Brian Cuttler
I realize I'm jumping into the middle here and not fully understanding the issues but I have questions (and that is just the sort of guy I am). I'm not meaning to make light or waste time but the following questions/observations occur. Concerning tape encryption but not addressing encryption

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 Thread Greg Troxel
Brian Cuttler [EMAIL PROTECTED] writes: I'm not meaning to make light or waste time but the following questions/observations occur. no worries, your comments are useful. Concerning tape encryption but not addressing encryption during transit between client and server I wonder about

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 Thread Brian Cuttler
. Concerning tape encryption but not addressing encryption during transit between client and server I wonder about the following ? 1) I don't fully appreciate implications having the key on the tape - you don't lose it - you complicate the restore - I suppose you could always store

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 Thread Greg Troxel
I also know that protecting the keyring is of paramount importance in a security situation. All I could suggest is an unencrypted copy of the root/critical systems with updated keyring and archived and stored in a physically high security area. For that matter I think any

beep! (encryption, multiplexing...)

2005-12-29 Thread Paul Bijnens
Just because it's almost newyear, and I have seen The Light... (or was that just an illusion?) Some thoughts about the new proposed features, concerning: - multiplexing the data streams, error stream, index stream, over one TCP connection (this would make passing firewalls and NAT so much

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 Thread Brian Cuttler
, it is the ability to restore data from tape and make it available again that is important. If the client(s) and servers are on a secure network, perhaps in an isolated room and you have security transport do you also need to worry about encryption ? Can you have too many safeguards ? Arguably

Re: beep! (encryption, multiplexing...)

2005-12-29 Thread Greg Troxel
That makes sense, but if the protocol hasn't gained mindshare and the code is static for 2 years, it may mean accepting BXXP maintainership if amanda uses it. There is also an efficiency issue. -- Greg Troxel [EMAIL PROTECTED]

Re: beep! (encryption, multiplexing...)

2005-12-29 Thread Paddy Sreenivasan
On 12/29/05, Paul Bijnens [EMAIL PROTECTED] wrote: Just because it's almost New Year, and I have seen The Light... (or was that just an illusion?) Some thoughts about the new proposed features, concerning: - multiplexing the data streams, error stream, index stream, over one TCP

Re: beep! (encryption, multiplexing...)

2005-12-29 Thread Todd Kover
Just because it's almost New Year, and I have seen The Light... (or was that just an illusion?) Some thoughts about the new proposed features, concerning: - multiplexing the data streams, error stream, index stream, over one TCP connection (this would make passing firewalls

Re: new feature: client-side, server-side encryption dumptype option

2005-12-29 Thread Kevin Till
Brian Cuttler wrote: The amanda disklist allows optional encryption, selected per DLE ? Hi Brian, the new encrypt option is added to dumptype. So yes, you can specify encryption on some DLE but not others. You can also choose to encrypt on the client *or* server side. Can you say, never

Re: new feature: client-side, server-side encryption dumptype option

2005-12-26 Thread Chris Lee
Jon LaBadie wrote: Josef, If I've not followed this thread accurately accept my apologies. My own personal summary is Greg suggested five combinations of encryption were easily conceivable and when amanda adds encryption each of the various combos should be accommodated. Your view seems to me

Re: new feature: client-side, server-side encryption dumptype option

2005-12-24 Thread Jon LaBadie
Josef, If I've not followed this thread accurately accept my apologies. My own personal summary is Greg suggested five combinations of encryption were easily conceivable and when amanda adds encryption each of the various combos should be accommodated. Your view seems to me to be the combo's

Re: new feature: client-side, server-side encryption dumptype option

2005-12-24 Thread Josef Wolf
On Sat, Dec 24, 2005 at 03:22:09AM -0500, Jon LaBadie wrote: Aside from your opinion that combos B,C, and D are redundant or inferior to E, what are your objections to allowing the amanda user to make their own flexible choice. I have no objections. It is just that - implementing redundant

Re: new feature: client-side, server-side encryption dumptype option

2005-12-23 Thread Josef Wolf
is weaker than the cases that don't encrypt tapes from the backup availability perspective. No doubt here. As long as encryption is an _option_, no one is forced to use it. Those who actually use encryption, should be aware of the fact that they lose data when they lose the key. IMHO

Re: new feature: client-side, server-side encryption dumptype option

2005-12-21 Thread Greg Troxel
restores harder. This really needs quite a lot of key management thought. But later, I see that you intend to be able to implement cleartext on tapes but with transport encryption via this. It's broken from a security viewpoint to only configure this on the server, particularly without authentication

Re: new feature: client-side, server-side encryption dumptype option

2005-12-20 Thread Josef Wolf
On Mon, Dec 19, 2005 at 12:56:26PM -0500, Greg Troxel wrote: I think the essence is that while both are encryption, one is applied to transport and one to storage. Is it really _that_ different? IMHO, a public-key method encrypted on the client would be good for both, transport _and_ storage

Re: new feature: client-side, server-side encryption dumptype option

2005-12-20 Thread Josef Wolf
On Sun, Dec 11, 2005 at 04:37:12PM -0800, Paddy Sreenivasan wrote: [1] You need client-side encryption if you don't want your data flowing unencrypted over the network. You can use ssh for server/client communication and server side data encryption. While this is possible, I don't like

Re: new feature: client-side, server-side encryption dumptype option

2005-12-20 Thread Greg Troxel
Josef Wolf [EMAIL PROTECTED] writes: On Mon, Dec 19, 2005 at 12:56:26PM -0500, Greg Troxel wrote: I think the essence is that while both are encryption, one is applied to transport and one to storage. Is it really _that_ different? IMHO, a public-key method encrypted on the client

Re: new feature: client-side, server-side encryption dumptype option

2005-12-20 Thread Josef Wolf
On Tue, Dec 20, 2005 at 09:03:50AM -0500, Greg Troxel wrote: Josef Wolf [EMAIL PROTECTED] writes: On Mon, Dec 19, 2005 at 12:56:26PM -0500, Greg Troxel wrote: I think the essence is that while both are encryption, one is applied to transport and one to storage. Is it really _that_
