Re: [Duplicity-talk] Stream Vulnerability

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Stream Vulnerability

From:	edgar . soldin
Subject:	Re: [Duplicity-talk] Stream Vulnerability
Date:	Sun, 31 Aug 2014 13:56:31 +0200
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.0

On 29.08.2014 23:30, Jonathan Brown wrote:
> Could anyone tell me if Duplicity is vulnerable to stream encryption 
> vulnerabilities utilizing GPG? This blog post talks about issues affecting 
> encryption that uses GPG and I would like to know if there is any reason to 
> be concerned. Thanks
> 
> https://www.imperialviolet.org/2014/06/27/streamingencryption.html 
> <mailto:address@hidden>
> 
> 

it's unclear to me how an attacker might use this vulnerability in case of 
duplicity. can you give an example?

generally duplicity has all flaws of gpg. volumes/files are created by piping 
them into a gpg process and using the resulting encrypted files.

..ede/duply.net

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Stream Vulnerability, Jonathan Brown, 2014/08/29
- Re: [Duplicity-talk] Stream Vulnerability, edgar . soldin <=
  - Re: [Duplicity-talk] Stream Vulnerability, Martin Pool, 2014/08/31
- Re: [Duplicity-talk] Stream Vulnerability, Nate Eldredge, 2014/08/31

Prev by Date: Re: [Duplicity-talk] Behaviour upon 'Full' backup after incrementals
Next by Date: Re: [Duplicity-talk] Stream Vulnerability
Previous by thread: [Duplicity-talk] Stream Vulnerability
Next by thread: Re: [Duplicity-talk] Stream Vulnerability
Index(es):
- Date
- Thread