[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: symmetric key encryption utilities
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: symmetric key encryption utilities
- From: Curtis Collicutt <curtis_(_at_)_ghostitm_(_dot_)_com>
- Date: Wed, 4 Jul 2001 23:13:56 -0600
First, thanks for all the comments, I really appreciate
people taking time out of their busy lives to help with
a wee problem.
However, all of the dang utilities I looked at don't do
what I want to do the way I want to do it.
I just want to encrypt a file with a specific key without
a passphrase, the way symmetric encryption was meant to
be done (and without storing the key in the file).
Otherwise, with a password the keyspace of the
cipher gets reduced to whatever the size is of the passphrase,
and what's the point of that? I want to rely on the secrecy
of the actual key file, rather than a passphrase.
Openssl can't do it. gnupg can't do it. mcyrpt can't do it.
Yeesh. They all rely on passphrases (even if the passphrase
So I'm going to look into doing this myself, probably in python,
but I am not a very good programmer yet (guess I'll have to learn
if I want this to work).
Thanks for all the help,
PS. Don't read this unless you're wondering why I want to do
what I've said above...
The reason I'm doing this is to develop a bit of a secure
backup system and I want to encrypt the tar files with
a "server key" and then back them up to a backup server.
The server key would get burned to a cd and stored somewhere
in case I need to decrypt the backup file.
My reasoning is that if someone roots the server then they
already have access to all the files, so I don't really care
that they have access to the key to decrypt the backup files.
But if they root the backup server then they won't have access
to all the encrypted backup server files (there would be more
than one servers backup files on the backup server).
If I rely on passphrases to keep the server keys secret then
if they hack the backup server they can spend all the time they
want brute forcing the passphrase on the encrypted files, which
due to the way smaller keyspace of a passphrase will take way,
way, less time, than brute forcing the keyspace of even 40bit
If you see any flaws in my logic feel free to tell me. I don't
know exactly how openssl, gnupg and mcrypt store the symmetric
key and what the passphrase does, but I'm pretty sure it's not
what I want. But then again, what the heck do I know...