|
| From: | Kenneth Loafman |
| Subject: | Re: [Duplicity-talk] Setting the PASSPHRASE inside the duplicity program itself |
| Date: | Mon, 26 Mar 2007 16:17:28 -0500 |
| User-agent: | Thunderbird 1.5.0.10 (X11/20070306) |
Charles Knowlton wrote:
The reason I want the passphrase in the program itself so that if an intruder were to get into my server it wouldn't be easy for them do figure it out. If it is directly in the cron(I plan on running duplicity with cron) then the intruder could figure it out real easy compared to knowing that the passphrase is in the program itselfThanks for helping me out.
If an intruder has physical access, it's theirs. PeriodIf an intruder has root access, all bets are off. It'll only take a bit of time to crack the system, unless you're entering the password by hand on each use, then all they'll need is a keystroke logger.
If an intruder has regular user access, most bets are off in all but the most hardened systems. Default Linux and Windows do not qualify as hardened by a long shot.
Bottom line, if the intruder has access to your system, they have varying speed of access to your secrets, but they will get to them eventually. Protect the data once outside the system, but the data inside the system is pretty much the property of whoever has access.
Encrypted file systems only provide limited protection when the power is off, i.e. when a system is stolen before the intruder has gained access. Once they have the system, time is on their side.
...Ken
| [Prev in Thread] | Current Thread | [Next in Thread] |