Gentoo Forums
duplicity and encryption good practices
vcmota
Apprentice


Joined: 19 Jun 2017
Posts: 162

Posted: Mon Feb 24, 2020 2:02 am    Post subject: duplicity and encryption good practices

It seems to be a general rule for good encryption practices that one should not keep on the machine an encrypted file together with its original unencrypted version, since this would allow for an easier attack on the encryption. My question is: does this rule still apply if I keep on the same machine a given unencrypted file and its encrypted version generated with duplicity? I am asking because when looking at the encrypted files generated with duplicity there seems to be nothing linking those files with the original ones. This seems to be different from the situation where you store the file "test.dat" together with the file "test.dat.gpg".

Thank you all.
C5ace
Guru


Joined: 23 Dec 2013
Posts: 315
Location: Brisbane, Australia

Posted: Mon Feb 24, 2020 10:19 am    Post subject:

Bad practice!

The original file should be opened and the data contained therein encrypted in place without creating a new file. If a new file with the encrypted data is created, the contents of the original file should be replaced with random garbage, saved and then deleted. Good encryption software does both automatically.
_________________
Observation after 30 years working with computers:
All software has known and unknown bugs and vulnerabilities. Especially software written in complex, unstable and object oriented languages such as python, perl, C++, C#, Rust and the likes.
Hu
Moderator


Joined: 06 Mar 2007
Posts: 14922

Posted: Tue Feb 25, 2020 2:46 am    Post subject:

If you retain the unencrypted file, why should the attacker bother attacking the encrypted copy? He can just read the unencrypted copy.

Good cryptographic tools try to mitigate known-plaintext attacks by using a randomly chosen single-use key for the encryption, sealing that random key with the long-term key, then bundling the sealed key with the ciphertext. Even if the attacker derives the single-use key, that does not give him the long-term key used for other things. Typically, the single-use key will be sealed using asymmetric encryption. Breaking that is considered to be a very hard problem.
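Added example, not part of the thread and not code from duplicity or GnuPG: duplicity encrypts its volumes with GnuPG, so the "sealed key bundled with the ciphertext" layout described in the last post is visible in the OpenPGP packet sequence of each file. The parser below follows the RFC 4880 packet header rules and lists that sequence; the function names `read_packets` and `describe` and the `SAMPLE` bytes are constructed for illustration.

```python
TAGS = {1: "public-key encrypted session key",       # RFC 4880, section 4.3
        3: "symmetric-key encrypted session key",
        18: "encrypted, integrity-protected data"}

def read_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP message."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]; pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header
            tag, body = hdr & 0x3F, b""
            while True:
                first = data[pos]; pos += 1
                partial = 224 <= first < 255  # more chunks follow this one
                if first < 192:
                    n = first
                elif first < 224:
                    n = ((first - 192) << 8) + data[pos] + 192; pos += 1
                elif first == 255:
                    n = int.from_bytes(data[pos:pos + 4], "big"); pos += 4
                else:
                    n = 1 << (first & 0x1F)   # partial body length
                body += data[pos:pos + n]; pos += n
                if not partial:
                    break
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = (1, 2, 4, 0)[ltype]        # ltype 3: body runs to end of input
            n = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
            pos += size
            body = data[pos:pos + n]; pos += n
        yield tag, body

def describe(data):
    """List the packets; for a v3 PKESK also show recipient key ID and algorithm."""
    out = []
    for tag, body in read_packets(data):
        info = {"tag": tag, "name": TAGS.get(tag, "other"), "length": len(body)}
        if tag == 1 and body[:1] == b"\x03":
            info["key_id"], info["pubkey_algo"] = body[1:9].hex().upper(), body[9]
        out.append(info)
    return out

# Constructed sample (not real ciphertext): PKESK for a made-up RSA key ID, then data.
SAMPLE = (bytes([0x84, 14, 3]) + bytes.fromhex("0123456789ABCDEF")
          + bytes([1, 0x00, 0x10, 0xAB, 0xCD])
          + bytes([0xD2, 0xE9, 1]) + bytes(511) + bytes([5]) + bytes(5))
```

On a real binary (non-armored) file, `describe(open(path, "rb").read())` gives the same view as `gpg --list-packets`: the short first packet is the sealed single-use key addressed to a long-term key ID, and the bulk of the file is data encrypted under that single-use key.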