[Whonix-devel] [qubes-devel] How secure is Qubes dom0 backup tool encryption?
Andrew David Wong
adw at qubes-os.org
Mon May 8 01:08:00 CEST 2017
On 2017-05-07 17:43, Peter Todd wrote:
> On Sun, May 07, 2017 at 12:49:06PM -0500, Andrew David Wong wrote:
>> They're not mutually exclusive. You can do both.
>>
>> I'm the one who reported the key derivation issue [1], but even I
>> think qvm-backup is plenty safe as long as you use a high-entropy
>> passphrase. (This will no longer be an issue when we switch to
>> scrypt in 4.0. [1]) I personally rely on it for my most
>> confidential data, and I'm confident that it's not the weakest
>> link in my setup.
>
> FWIW, personally while I frequently use qvm-backup, I always use
> the password "a", and instead backup to LUKS-encrypted partitions
> formatted with BTRFS (for crappy authentication via BTRFS's
> checksums).
>
> I already rely on LUKS, so I don't see any reason to add another
> potential vulnerability to my setup.
The main reason would be for offsite non-drive backups (e.g.,
file-based upload).
> For my usage pattern, I'd actually prefer an option to completely
> remove both encryption and authentication to reduce CPU usage
> during backups. Based on CPU load, this appears to be the
> bottleneck on many of my machines (though this could be
> parallelized).
>
--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org