[Whonix-devel] [qubes-devel] How secure is Qubes dom0 backup tool encryption?
Andrew David Wong
adw at qubes-os.org
Sun May 7 19:49:06 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2017-05-07 12:37, Patrick Schleizer wrote:
> How are chances that the encryption could be broken? How likely
> are there issues with the implementation?
>
I'm not aware of any reasonable methodology for providing answers in
the form of probabilities, so instead I'll provide a more subjective
answer: very low.
> Should Qubes dom0 backup tool encryption be relied upon or would it
> be more advisable to put backups on luks / dm-crypt encrypted
> disks?
>
They're not mutually exclusive. You can do both.
I'm the one who reported the key derivation issue [1], but even I
think qvm-backup is plenty safe as long as you use a high-entropy
passphrase. (This will no longer be an issue when we switch to scrypt
in 4.0. [1]) I personally rely on it for my most confidential data,
and I'm confident that it's not the weakest link in my setup.
[1] https://github.com/QubesOS/qubes-issues/issues/971
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJZD14PAAoJENtN07w5UDAw53YP/jPuxBHObBT0d3Qk5KL8n9eY
4FM3dnF8HUi0PL4akN8HKb+QnAXq1HtPqLOzz0rJVjF0BbZDE6Dfcvvkmp6rr5zd
NbFgLRfPdPTQ7jrPnkilb90SqTeoJhihtKsroK0JM4ETicy55yyLITNYZU0nNViR
FlN3odTNesjWA3HT8Ig9HR7RfIupB6+VhC4MOarQHe2hoyaMUxwgNH0UBnCm6tAK
mSTbqGyBk0Pla45AC0246veoNlReUGDB56JOaHAisvJGShhlqzb0CC+57UEvPBwh
4eVkzcbZTQGe7txyfkYGiZ/DnJ/s6QOGeahclqnnSRgUKn6ZuuvmFSdthKbFCWpe
kboqWoatKjJXr2byUigaHaFEqQylHdX3eOokLL9VrCJRNqZtxoUYxNSyDJL/3fp3
8zuB6uKRxSEb29qJZRuBoMTzdH88XotdG3rxUvBWpkiGw92G2y7WFjH2HPfexfKi
0dTJ9sof/9V5Kyg1N2N2/B0p8Cd5lEuEay2UcbKL7RVeMAGzB2U7R/p9kUUcv5Cw
OY0rS/bSP9n3USPXZWvASkPM263Ue8RmUdyCdk35XAtlEURUCrfGMTZ0HkfKDoUH
W5h6XLG8tM8bIAkt1X8hbtom5G5w+hEFpmsobgYcpdBPIgqqui6F3iVmFoAblaTw
7/YB8/FSOQOd95lVIiEY
=OXtE
-----END PGP SIGNATURE-----
More information about the Whonix-devel
mailing list