On Wed, Feb 22, 2006 at 03:34:44PM -0800, Kevin Till wrote: > >- What is the point to uuencode and encrypt (with gpg) random data to > > generate the key? Since the passphrase is stored on the same host, > > protecting the key with the passprase is not of much use (IMHO). > > It illustrates the method of using multi-key which a strong point of > aespipe.
OK, I see. "multi-key" was the magic word that (after some googling) made me understand what's going on here. AFAICS, multi-keys can prevent watermark-attacks? Are there more advantages to them? > And it's a symmetric encryption and to facilitate automatic > backup, the passphrase has to be stored somewhere. This is (one) of the reasons why I'd prefer a pubkey method: You don't have the passphrase lying around on a networked box. > >- Why using aespipe at all? Is there any reason not to use gpg? > > AFAICS, aespipe introduces only an additinal layer of complexity. > Amanda users have used aespipe in the past, so it's there. Hmmm, AFAIK is aespipe part of loop-aes and loop-aes is deprecated because the kernel developers want to switch to devmapper. Please correct me and clarify if I'm wrong. > I believe aespipe gives better performance since gpg is doing more > than just encryption. AFAIK, gpg does compression in addition to encryption. But then you need to compare gzip+aespipe against gpg. Or did you mean something different? > >- Since the server says whether/which encryption is to be used, the > > server can request unencrypted backups from the client. This > > implies that the server has to be trusted. > > Use "auth ssh/krb4/krb5" to enable transport encryption. I am not about transport encryption here. I am about not trusting the amanda server. Thanks for the explanations, Kevin!
