On Thu, Jun 29, 2000 at 02:03:21PM -0400, Sunder wrote:
>
> Harmon Seaver wrote:
> >
> > Does anyone know of a way to encrypt tape backups using tar or
> > cpio? Other than the obvious prior use of an encrypted file system?
>
> tar cpvf - dir1 dir2 ... dirN | gzip -9 | crypt {password} | dd of=/dev/rmt/0
>
> The drawback is that your password is stored on the command line, so the unix
> crypt commmand isn't the best thing in the world, nor is it that secure.
Yep. The old "unix crypt" (not the password crypt) was a weak algorithm
that was broken in 86 (or earlier)... there was a "crypt breaker's
workbench" published then. It's similar to the enigma except there is
only one "rotor" with 256 "letters".
crypt on Linux is the modified-DES password crypt which is a very poor
API to do DES with.
SSleay/OpenSSL has a bunch of good bulk algorithms and can be run
as part of a pipe with a small wrapper script.
--
Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5
Security consulting: security models, reviews, protocols, crypto.
