Marc Doudiet wrote: > I don't trust my laptop (the disk is not encrypted), I was wondering > which risks I'm facing as the file in aliases in private is not > encrypted, so I just modified my backup script with two lines to decrypt > the file and srm it (secure rm). First step (one time) is to encrypt the > file (gpg -c --cipher-algo BLOWFISH private/aliases), and here is an > example script:
Hey, that's a great idea. As you saw, the security of your tahoe files is dependent upon knowledge of the dircap in the aliases file, and thus is equivalent to having access to the (plaintext) aliases file. With your script, you've changed that to an "AND" combination of three things: access to the (encrypted) aliases.gpg file, access to your gpg keyring, and knowledge of the GPG passphrase. thanks! -Brian _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
