Re: Encryption protection
Title: Re: Encryption protection I understand from the replies here that SimpleCrypt isn't secure, at least in the sense that with enough time the encryption scheme can be defeated. That's true for any scheme if you have infinite amounts of time and computers. What I'd like to know is a realistic assessment of its insecurity. Dantz is saying it is secure enough for the majority of commercial uses. Is the average script kiddie going to find SimpleCrypt easy to crack? Really I'm trying to make a risk assessment. Of course I restrict access to my tapes, but in one location I run backups, that's impractical. If SimpleCrypt's encryption is defeatable by an expert in 24 hours, I'm definitely going to alter my security practices. That's the kind of risk assessment I'd like to find out. How easy is it to beat SimpleCrypt and/or DES? Todd On 2/27/01, Douglas K Wyman emailed about Re: Encryption protection: You're kidding, aren't you...? Better to think about moving away from the canal and up to some high ground...or to a state that isn't sliding into the ocean so soon... Seriously, physical security should always be your first priority. Suppose someone decides they don't like you, or gets curious, or notices what a raging success you are and takes the tapes hostage etc, etc, etc. Belt and braces, that's my policy. Regards, Doug. Eric, Thanks for your reply. What I would like to know is what kind of computing horsepower is necessary to crack SimpleCrypt's encryption protection? If someone acquired a tape from me that was encrypted, what kind of resources would it take to get into the data? What about DES? Everyone on this list is probably familiar with some of the distributed computing attempts to crack advanced encryption algorithms. What would it take to crack SimpleCrypt? If it turns out that the data is fairly easily accessible to someone with advanced hacking skills, I'll start locking my tapes up and taking other security measures. Todd Reed From: Eric Ullman [EMAIL PROTECTED] Reply-To: retro-talk [EMAIL PROTECTED] Date: Mon, 26 Feb 2001 07:51:00 -0800 To: retro-talk [EMAIL PROTECTED] Subject: Re: Encryption protection Good question, Todd. Basically, Retrospect's SimpleCrypt encryption method is faster than DES, but the tradeoff for speed yields a less robust encryption scheme. Conceivably, it would take less time to decipher data that had been encoded with SimpleCrypt than with DES (or some other strong encryption method). Encryption should never be relied on as the sole means of keeping your data from unwanted access. It should always be used in conjunction with physical security measures. Any data important enough to worry about someone cracking its encryption method is important enough to restrict access to. One benefit of backing up computer data to compact, removable media is that it is relatively easy to collect and store in a secure location. Don't dismiss this advantage. I hope this helps. Eric Ullman Dantz Development Todd Reed [EMAIL PROTECTED] wrote: On a mailing list I inhabit, the quality of Retrospect's encryption was challenged as being inadequate. The comment was that neither DES or Dantz' proprietary Vernam cipher would be secure from a serious attempt to retrieve stolen backup data. What's the scoop here? I've been running on the assumption that if I lost a tape under mysterious circumstances that the information would be unrecoverable. How does SimpleCrypt compare to DES and how hard would someone have to try to break the encryption? -- -- To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives: http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050. -- -- To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives: http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Re: Encryption protection
That's what I'd like to know. How tough is SimpleCrypt's encryption scheme compared to the amount of resources it would take to crack it? Todd Reed On 2/23/01, David Ross emailed about "Re: Encryption protection": What's the scoop here? I've been running on the assumption that if I lost a tape under mysterious circumstances that the information would be unrecoverable. Nothing is unrecoverable if you have enough time. So the real question is how long would the various choices take to crack. -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050. -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Encryption protection
Hi all, On a mailing list I inhabit, the quality of Retrospect's encryption was challenged as being inadequate. The comment was that neither DES or Dantz' proprietary Vernam cipher would be secure from a serious attempt to retrieve stolen backup data. What's the scoop here? I've been running on the assumption that if I lost a tape under mysterious circumstances that the information would be unrecoverable. How does SimpleCrypt compare to DES and how hard would someone have to try to break the encryption? Todd Reed -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Retroi 5 doesn't use next tape...
I'm working with a PC running the latest version of Retrospect. Unlike the Mac version, whenever the VXA fills up a tape, Retrospect always asks me whether I want to proceed with using the next tape in the series. The next tape is already written with the correct name. On the Mac version, if I run a recycle backup, then Retrospect goes right ahead and uses tape 1, tape 2 or tape 3 in the set without pause as long as the tape has previously been written to the current storage set, or is erased. On the PC, it always asks me whether I want to proceed, and then if the tape should be erased, even though it is the correct one in the series. I've checked the prefs but can't see why Retrospect persists in asking whether the tape should be used. TIA for any help given. Todd -- [EMAIL PROTECTED] Just my two cents worth... your mileage may vary. www.infoasis.com -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Re: G4s and error 519
I'm having the same type of problem with a lone G4 on a small network. The other systems there, a blue G3, a beige tower G3 plus a clone and a 6100, all seem to get backed up without fail. I tried replacing the 10Bt hub with a Linksys 10/100 hub thinking that would do the trick. It seemed to let the backups go a little longer, but supposedly the G4 is failing again to get backed up. Has anyone tried putting a new NIC into a G4 instead of using the on board ethernet as a way to resolve this problem? Todd Reed On 11/24/00, Glenn L. Austin emailed about "Re: G4s and error 519": So Retrospect reports errors that it finds in the network setup that doesn't affect ANYTHING else? If these errors existed then why does nothing else complain? I'm sure that it does hit the network hard, but IMO it should be written to cope with that. It should not the task of the customer to swap NICs or hubs or whatever until one is found that works. If a NIC will connect with the network then Retrospect should be able to use it. I can understand your frustration, having been on the "other side" with some products that I've worked on. In my case, in *every* case, the software that I wrote uncovered hardware and system problems that, when corrected, solved other "nagging" stability problems that the users had just accepted. In my opinion, I doubt that the problems don't affect anything else -- more likely is that the problems that are occurring are minor enough that nobody has reported them. That being said, there apparently are some G4 machines that have some problems with their ethernet interfaces. -- Glenn L. Austin Computer Wizard and Race Car Driver [EMAIL PROTECTED] http://www.austin-home.com/glenn/ -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050. -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
retrospect and filemaker
Hi, I've been examining the backups I'm doing with open Filemaker Pro databases. I guess the party line from Dantz is that it's a bad thing to back up open database files. On our backup LAN, we back up a Filemaker server using the remote client control panel (on a Mac) and the files get backed up without problem. On another network I manage, the backup server has open filemaker databases and they back up normally as well. On a third network, the Filemaker server gets backed up using personal file sharing. These files always fail to back up with errors. On this machine, the Filemaker server copies its files to another directory nightly, and the copies get backed up no problem at backup time. I figure that if I have 'verify' turned on, and the log doesn't indicate a problem that the database files are getting backed up okay. Is this the experience of the list, or should I be practicing preventive paranoia? Todd Reed -- -- Infoasis --- 534 4th St., Ste. 2 --- San Rafael, CA 94901 (415) 459-7991 --- FAX: (415) 459-7992 [EMAIL PROTECTED] --- http://www.infoasis.com -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Re: VXA Mac Tool
The VXA isn't on a PPC as the backup server. The PPC is only a workbench I'm using to test the drive. I'm trying to figure out why the device is always blowing up in use with hardware sense code failures or stuck tapes. This is the second drive we've gotten from Ecrix. The backup system is a blue G3 with an Adaptec 2930CU card installed for the SCSI bus. I can't find any firmware updaters or drivers on Adaptec's site for this card for Macintoshes. I'm thinking of putting the tape drive on its own bus with an Adaptec 2906 SCSI-2 card. Needless to say, I'd really like this drive to be rock stable, and so far it hasn't been. If anyone has any advice pro or con on using the 2906, I'd like to hear it. On 9/27/00, Jon Gardner sent an email about Re: VXA Mac Tool I'm running it on a beige G3 300MHz desktop. I wouldn't trust a Power Computing system as a backup server...those are the Packard-Bell of the Mac clone world. -- -- Infoasis --- 534 4th St., Ste. 2 --- San Rafael, CA 94901 (415) 459-7991 --- FAX: (415) 459-7992 [EMAIL PROTECTED] --- http://www.infoasis.com -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Re: VXA Mac Tool
Has any one had any luck using the VXA tool on a Mac? My version just bombs with some cryptic error that it can't find the target. Doesn't crash, but doesn't find the drive either though the drive is listed in the window. Todd On 9/26/00, Geoff Rainville emailed about "VXA Mac Tool": There was some talk on this list last week about the VXA Tool for Mac. It is now live and posted on the ecrix.com site, in the support section. VXATool for MAC is a MAC based utility used to configure your VXA-1 tape drive. With VXATool, you can check and uplevel firmware, optimize the drive for speed or capacity, and toggle compression off or on. As someone mentioned last week, this ain't a pretty program, but just a nice, functional tool. Enjoy, and thanks for VXA support. http://www.ecrix.com/support/download.html --Geoff Rainville, Ecrix. -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050. [EMAIL PROTECTED] www.infoasis.com Just my two cents worth... Your mileage may vary -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Appletalk backup problems
I've set up a new backup system for 25 workstations using a blue G3, an Ecrix drive and 100B-t ethernet. All the systems on the LAN were backing up nicely except for one server, a blue/white G3 running Filemaker server 3.0. For security reasons, this system was set up with the Retrospect AppleTalk client, and IP was not loaded. I noticed that the machine was backing up very slowly, the data getting backed up at about 6-7 megs a minute, unlike any other system on the LAN. In order to resolve this problem, I loaded TCP/IP and gave the system a nonroutable IP address (192.168...) but Retrospect couldn't see the system. I thought Retrospect would address systems on different subnets (on the same cable), but consequently I guess that this was a mistaken notion. Anyway, it didn't work. So, I reinstalled the Appletalk client. Now Retrospect wouldn't even see the server at all. Nothing I did would get the Retrospect server system to acknowledge the Filemaker server, even though I could see the system using MacPing or personal file sharing. Finally I set up the system to be backed up using personal file sharing and got a gratifyingly high backup ratelike 60-70 MB/min. I'm wondering what could be happening here. What would prevent Retrospect from seeing an Appletalk client on this network? Todd Reed -- Infoasis --- 534 4th St., Ste. 2 --- San Rafael, CA 94901 (415) 459-7991 --- FAX: (415) 459-7992 [EMAIL PROTECTED] --- http://www.infoasis.com -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Problems?: [EMAIL PROTECTED]
Orb drive backups
I'm helping a small office set up a back up system. Since they are pretty budget conscious, I had thought to use an Orb drive and Retrospect. I've tried using Retrospect and Orbs previously without success. On a multiple member storage set, Retrospect could not get the first Orb cartridge to eject and generated an error message. This happened multiple times and I finally gave up trying to get it to work. Possibly it was a defective Orb. Is anyone on the list using Orbs to do backups and what problems are you having if any? Are there any specific issues that would preclude using Orbs? Todd Reed -- Infoasis --- 534 4th St., Ste. 2 --- San Rafael, CA 94901 (415) 459-7991 --- FAX: (415) 459-7992 [EMAIL PROTECTED] --- http://www.infoasis.com -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Problems?: [EMAIL PROTECTED]
IP numbers on clients
I'm wondering if there's a way to see what IP # the client is using from within Retrospect? It would be a useful administration tool, and save me running around physically to make a subnet map. If there is no way currently, I'd like to make a feature request that the IP# be shown in the network window for logged-in clients. Todd Reed -- Infoasis --- 534 4th St., Ste. 2 --- San Rafael, CA 94901 (415) 459-7991 --- FAX: (415) 459-7992 [EMAIL PROTECTED] --- http://www.infoasis.com -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Problems?: [EMAIL PROTECTED]
Ecrix Tool
I have installed my first VXA drive at a mixed Mac/PC LAN of about 25 systems total. It's a switched 10/100B-t network. I noticed today that the drive was only getting about 29 gigs per tape. After talking with Ecrix, I found out that the drive may be encountering network slowdowns...there are several older systems on the network...and the drive is putting gaps on the tape to compensate. Even more interesting, I found out that Ecrix has a DOS utility that will toggle the drive settings so it will maximize tape capacity instead of speed, which will hopefully get more data on the tape. Okay, so once I locate a Windows machine with 25 pin female SCSI out, or the right adapters, and get the Ecrix tool running and so forth, I will get the drive capacity over 33 megs...maybe. Or I can boot up VPC and see if it can drive an Adaptec 2906 card and the DOS utilityhmmm... I'm wondering if anyone on the list has run into this problem or have any tips on how to diagnose the extent of the problem. TIA Todd Reed ~~ For Mac OS upgrades, hardware or software support call Infoasis Consulting services Mac technicians available on site For help by phone, call us at 415-459-7991 x106 415-459-7992 fax Infoasis is a NorthPoint DSL Partner--please contact us if you have questions about business-class DSL services! ~~ -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Problems?: [EMAIL PROTECTED]
4.2 update and DHCP problems
I'm having trouble keeping my DHCP clients activated with Retrospect 4.2 for Mac. The clients, on a 10Bt hub, were all connecting fine via Appletalk and Retrospect 4.1 I began by updating the application to 4.2. Then I went into the client database and began switching client protocol to TCP/IP. After switching, they disappeared from the network. So we began updating the clients by going from system to system and running the updater. The next day I noticed that the clients were inactive in the client database. After looking at the clients in the network window, the systems also were active in the client database. We updated a couple of systems again that day to get them to 4.2. Next day, again all the clients in the database are inactive. Nothing got backed up the night before. I know at least one of the clients got a full install of 4.2 from scratch, not an update. I could use some suggestions as to why this is happening. Todd Reed Infoasis Internet Services534 4th St., Ste. 2San Rafael, CA 94901 (415) 459-7991 FAX: (415) 459-7992 [EMAIL PROTECTED] http://www.infoasis.com -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Problems?: [EMAIL PROTECTED]