---- Original message ---- >Date: Thu, 19 Oct 2006 13:04:53 +0530 >From: Girish Venkatachalam <[EMAIL PROTECTED]> >Subject: Re: backup script w/ encryption >To: misc@openbsd.org > >On Thu, Oct 19, 2006 at 01:12:59AM -0500, Jacob Yocom-Piatt wrote: >> # encrypt each dump and remove the original >> if [ -n "$ADMIN" ]; then >> echo "encrypting $FN" >> if [ -f $ROOT/$HOST/$FN.gpg ]; then >> rm -P $ROOT/$HOST/$FN.gpg >> fi >> gpg --homedir $HOMEDIR -e -r $ADMIN $ROOT/$HOST/$FN >PMI but you seem to be doing asymmetric crypto here. I know it is not a big factor here but wouldn't you be better off using some symmetric cipher like AES? > >Just a thought. Of course key distribution is a problem but then for backups it shouldn't be an issue. >
the time it takes to encrypt/decrypt the dumps is negligible compared to the time it takes to generate them. symmetric crypto would make more sense for a filesystem or something where bottlenecks matter more. >Just a thought. Of course key distribution is a problem but then for backups it shouldn't be an issue. for certain. key distribution being annoying here is a good thing since only a few folks should be able to restore backups anyways. cheers, jake
