On Sunday, May 14, 2017 at 10:38:37 PM UTC-4, cooloutac wrote: > On Sunday, May 14, 2017 at 3:48:04 PM UTC-4, Andrew David Wong wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > > > > > > What do you mean? Are you suggesting that qvm-backup has "more attack > > vector" than an encrypted KeePassX (or whatever) database? Why? > > No, I think it's actually the opposite. An attacker could feed you a > > malformed database file, which you believe is your authentic database > > file. If it's not authenticated, you won't be able to tell. When you > > try to decrypt and open it with KeePassX, it could try to compromise > > KeePassX. qvm-backup is designed to protect against this class of > > attack. > > I'm not sure what you mean. If an attacker has a copy of your > > encrypted database and subsequently gets the key/passphrase to that > > database, she can then decrypt the database regardless of what you > > subsequently do. > > > > Are you saying that you would render the contents of the database > > worthless by changing every password stored in that database? How > > would you know to do this? Are you assuming that you'll somehow know > > the instant your database has been compromised? What if the attacker > > changes some or all of your passwords before you do? What if you have > > persistent passwords (e.g., not for online accounts) that can't be > > rendered useless in this way? > > > > - -- > > Andrew David Wong (Axon) > > Community Manager, Qubes OS > > https://www.qubes-os.org > > -----BEGIN PGP SIGNATURE----- > > > > iQIcBAEBCgAGBQJZGLRXAAoJENtN07w5UDAwmegP/imUHFRm0SadmiWdh6T71oWd > > VaQt8TMrXoUeguysZEE3l0EwhWKbmET2KunXbkN5/RNfEz7wb9yIerNKnt5cTNMh > > ko1ENAdNO9vWufJQyNSuZ+CScV/EL+tUG8626r28em1Rb2TknNk4COBb3pX0VRCC > > RF3h7p+rSZufSy4xVuwVZRcllT94HhFTGpuvhzcB+f3FMmKjkTcYZLVL1gddiwcP > > mEE1DAEGdsY5Y5eKl7xCAaiICvK2sSLWHTBGYZT3FZF6TSqLJ8iO92IoeMjPIbRS > > +OShxw+ITr/g9oN+pSJ6con+mZk6xzrRC5ExZS9mRaYOLlXVx8LyC41cGVSxO0nb > > KNoaMZqJ3nA8FtkfJ0Jo7786A2UBPYzSln4qzc8kqQ/23oa6Gevm9JckzixWLo3t > > BnPN99fZ0zlspDcvkgPjoJhB3TPlUdvBbcHrWd5G93I/GIPCNp6yBvLAvoMyZcL5 > > RdZ4yH+CB7BK1aInrHaHtKN68Bjep5ZTBXCmWVwIuXN2g82kip7uQ9qPAUtFvSqx > > B4a/N1MPkVB80DFLRFHDdDQM0ChiEj3ewA3NPp2mk6ECJbnq0lxUeWGMU93pufuN > > Dqx5EpopP1bVX8amLr8eYn+2C+eTAxgZIj+lC+dUg/kmqn/kjq7mzS3sCyxc41ni > > iZbzihGynHg5/sZ31Oft > > =nZE4 > > -----END PGP SIGNATURE----- > > Well if they can do that to one file, couldn't they do that to alot more > others if backing up the whole vm? I would think one file is alot easier to > check. Since that whole vaultvm is only dedicated to that one file for me > anyways, and I don't have custom configs or scripts in it. > > One cool thing I saw about paranoid mode is it take into account things in > user directories that are not even user data to begin with. so ya I back up > other vms that way especially templates, and especially vms with custom > configs. or vms with just alot of data in alot of diff folders out of > convenience. > > But for the vault I just do the single file. > > And so say if the database file is malware, what do you mean by qvm-backup > would prevent it? > > And yes "rendering it useless by changing every password". We are talking of > the times you suspect it, have a hunch, if you think you can never tell when > you are compromised then what else is there to go on? and what else can be > done?
by a hunch I mean like noticing weird anomalies, freezes, crashes, mouse issues, lag, or just anything really, timing and sequence of events. after my account gets hacked do I still just say it could just be a random bug cause I have no proof? if we really can't notice anything suspicious in even with live realtime network traffic, system logs, or file integrity logs, then what else are you supposed to do. Just already assume its compromised. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/01ae4ab6-c8dd-4555-8c5c-73abc9cb6cee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
