On Thu, Sep 8, 2016 at 12:10 AM, Colin Percival <cperc...@tarsnap.com> wrote:
> Hi all,
>
> Tarsnap is designed to detect if your data is modified: Archives are
> cryptographically signed, and the signatures are verified before any
> data is extracted. However, this depends on the integrity of the key:
> If someone has your delete and write keys, they could delete an archive
> and create a new one with the same name, and (since they have the keys)
> it would cryptographically validate.
>
> It occurs to me that we could have a stronger unforgeability property
> via out-of-band (non-cryptographic) verification of the archive metadata
> hash; even with the keys, it would be impossible to create a different
> archive which has the same hash (unless you find a SHA256 collision). In
> addition to the "stolen keys" scenario, this could be useful if you need
> to prove (e.g., for auditing or legal purposes) that *you* haven't changed
> an archive since the time when you created it.
>
> Is anyone interested in having this functionality? It seems like too
> obscure a use case to write code for if nobody wants it yet, but if there's
> a demand then it's definitely doable.
>

It is interesting, but I would prefer improvements to restore speed. I currently need to keep a second backup copy just in case I need a fast restore, as the restore with tarsnap is unacceptably slow (last time I tested a couple of months ago).

Cheers

Raphaël

> --
> Colin Percival
> Security Officer Emeritus, FreeBSD | The power to serve
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid

--
Raphael Bauduin | Senior R&D Engineer
raphael.baud...@tessares.net | +32 10 392 252
Tessares SA
www.tessares.net
6 Rue Louis de Geer, 1348 Louvain-la-Neuve, Belgium
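Added example, not part of the original thread and not Tarsnap code: a toy model of the argument in the quoted proposal, showing that a signature check still passes on an archive recreated by someone holding the keys, while a SHA-256 of the metadata recorded out of band does not match. The metadata layout, the HMAC stand-in for the archive signature, and all function names are assumptions made for illustration.

```python
# Added illustration; toy model, not Tarsnap's archive format or code.
import hashlib
import hmac
import json


def metadata_bytes(name, files):
    """Canonical encoding of a hypothetical archive metadata record."""
    return json.dumps({"name": name, "files": files}, sort_keys=True).encode()


def sign(key, metadata):
    """Stand-in for the archive signature: HMAC-SHA256 under the write key."""
    return hmac.new(key, metadata, hashlib.sha256).digest()


def signature_ok(key, metadata, sig):
    return hmac.compare_digest(sign(key, metadata), sig)


def pin(metadata):
    """Hash to record out of band (paper, auditor, append-only log)."""
    return hashlib.sha256(metadata).hexdigest()


def pin_ok(metadata, recorded_pin):
    return hmac.compare_digest(pin(metadata), recorded_pin)


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    name = "backup-2016-09-08"     # constructed sample archive name
    original = metadata_bytes(name, {"etc/hosts": "aa11", "home/db.sql": "bb22"})
    sig = sign(key, original)
    recorded = pin(original)  # kept where a key holder cannot rewrite it

    # A key holder deletes the archive and recreates it under the same name
    # with different contents; they can produce a valid signature for it.
    replaced = metadata_bytes(name, {"etc/hosts": "aa11", "home/db.sql": "cc33"})
    replaced_sig = sign(key, replaced)

    return {
        "original_sig": signature_ok(key, original, sig),
        "original_pin": pin_ok(original, recorded),
        "replaced_sig": signature_ok(key, replaced, replaced_sig),
        "replaced_pin": pin_ok(replaced, recorded),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The recorded hash is only useful if it is stored somewhere the key holder cannot alter.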