[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: symmetric key encryption utilities

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: symmetric key encryption utilities
From: Curtis Collicutt <curtis_(_at_)_ghostitm_(_dot_)_com>
Date: Wed, 4 Jul 2001 23:13:56 -0600

Hi all,

First, thanks for all the comments, I really appreciate
people taking time out of their busy lives to help with
a wee problem.

However, all of the dang utilities I looked at don't do
what I want to do the way I want to do it.

I just want to encrypt a file with a specific key without
a passphrase, the way symmetric encryption was meant to 
be done (and without storing the key in the file). 

Otherwise, with a password the keyspace of the
cipher gets reduced to whatever the size is of the passphrase,
and what's the point of that? I want to rely on the secrecy
of the actual key file, rather than a passphrase.

Openssl can't do it. gnupg can't do it. mcyrpt can't do it.
Yeesh. They all rely on passphrases (even if the passphrase
is empty).

So I'm going to look into doing this myself, probably in python,
but I am not a very good programmer yet (guess I'll have to learn
if I want this to work).

Thanks for all the help,
Curtis.

PS. Don't read this unless you're wondering why I want to do
    what I've said above... 

    The reason I'm doing this is to develop a bit of a secure 
    backup system and I want to encrypt the tar files with 
    a "server key" and then back them up to a backup server.
    The server key would get burned to a cd and stored somewhere
    in case I need to decrypt the backup file.

    My reasoning is that if someone roots the server then they
    already have access to all the files, so I don't really care
    that they have access to the key to decrypt the backup files.

    But if they root the backup server then they won't have access
    to all the encrypted backup server files (there would be more
    than one servers backup files on the backup server).

    If I rely on passphrases to keep the server keys secret then
    if they hack the backup server they can spend all the time they
    want brute forcing the passphrase on the encrypted files, which
    due to the way smaller keyspace of a passphrase will take way,
    way, less time, than brute forcing the keyspace of even 40bit
    des.

    If you see any flaws in my logic feel free to tell me. I don't
    know exactly how openssl, gnupg and mcrypt store the symmetric
    key and what the passphrase does, but I'm pretty sure it's not
    what I want. But then again, what the heck do I know...

Follow-Ups:
- Re: symmetric key encryption utilities
  - From: Stephan Eckner

Prev by Date: Re: repeated build stops at a late stage (2.9-current)
Next by Date: sony vaio question - xwindows question
Previous by thread: symmetric key encryption utilities
Next by thread: Re: symmetric key encryption utilities
Index(es):
- Date
- Thread

Visit your host, monkey.org