Re: Encryption protection
On Wed, 28 Feb 2001, Todd Reed wrote: I understand from the replies here that SimpleCrypt isn't secure, at least in the sense that with enough time the encryption scheme can be defeated. That's true for any scheme if you have infinite amounts of time and computers. What I'd like to know is a realistic assessment of its insecurity. Dantz is saying it is secure enough for the majority of commercial uses. Is the average script kiddie going to find SimpleCrypt easy t I wouldn't believe that claim unless I saw the source for their algorithm (not that I could review it but a thorough peer review would be necessary to say the least to backup the claim - no pun intended). Since 56-bit DES is pretty easy to crack (it took all of three days on distributed.net a few years ago and dedicated hardware is now available for that job), and SimpleCrypt is an unpublished proprietary algorithm, it logically follows that SimpleCrypt is also simpler to crack. I'm curious about the DES encryption actually - it doesn't seem to matter if I have encryption turned on or off - backups seem to take approximately the same amount of time. What exactly is being backed up: the data stream between client and server, the contents on the tape, the catalog (on disk) or the header on the tape (or any combination thereof)? Basically, Retrospect's SimpleCrypt encryption method is faster than DES, but the tradeoff for speed yields a less robust encryption scheme. Which basically says, to me, that its not very strong at all :) Kevin -- Kevin M. Myer Systems Administrator Lancaster-Lebanon Intermediate Unit 13 (717)-560-6140 -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.
Anyone with working multicast/broadcast setups?
Hi, We have been moving some servers around here and one of the services that got moved to a new machine (and a new subnet) is our Retrospect backup software. One of the immediate problems I found was that I could no longer see the majority of my clients from the server. [Actually this problem existed before but since the server was originally on the subnet that most of the clients were, it wasn't hard to enter the remaining clients by address - however with DHCP and the addition of remote sites, this becomes unmanageable]. I have 7 class C subnets that I wish to search for clients in. The LAN is a switched network with mostly Cisco Catalyst 2924s. We have a Cisco 8540 layer 3 switch in place as well. The problem is that, for good reason, we have the layer 3 switch to not forward directed broadcasts to prevent smurf attacks - and thats exactly one of the mechanisms Retrospect uses to discover clients - a directed broadcast to the subnet. We tried to get the multicast stuff working via some configuration changes on the layer 3 switch but thats going to take some more research. So I'm wondering if anyone has Retrospect working in a multiple subnet environment with Cisco equipment AND with some reasonable security precautions in place (like "no ip directed-broadcast"). Better yet, anyone have it working with multicast, as this would be a preferred way to do this I think. For reference, clients are mostly Macs running 4.3 over TCP/IP, the server is also a Mac running 4.3. Thanks, Kevin -- Kevin M. Myer Systems Administrator Lancaster-Lebanon Intermediate Unit 13 (717)-560-6140 -- -- To subscribe:[EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives:http://list.working-dogs.com/lists/retro-talk/ Search: http://www.mail-archive.com/retro-talk%40latchkey.com/ For urgent issues, please contact Dantz technical support directly at [EMAIL PROTECTED] or 925.253.3050.