simplenomad, to Wyze
@simplenomad@rigor-mortis.nmrc.org

Question for crypto (as in cryptographic) nerds: I am looking for an automated solution for on-prem backups that encrypts said backup. The plan is to take said encrypted backup and store it off-site. Prefer open source, and for further context consider this "home lab" although it does involve multiple servers with public IPs etc. I do not want to have the encryption key easily reachable like in plaintext in a config file.

Right now this is all happening manually, but automated would make this so much easier. It does not have to be a full end-to-end solution, even just the encrypting part being able to be automated would be fine as I could simply script around it. Thoughts and recommendations?

chiefgyk3d,
@chiefgyk3d@social.chiefgyk3d.com

@simplenomad It's not open source, but Veeam with an encrypted S3 bucket is an option, if I am understanding correctly. They have a free plan. I personally use a Synology NAS and back up to Wasabi S3 from there.

kubikpixel, to security
@kubikpixel@chaos.social

Isn't RSA the current secure solution for the corresponding encryption/security on the browser with JavaScript?

»Galois/Counter Mode and random nonces:
It turns out you can encrypt more than 2^32 messages with AES-GCM with a random nonce under certain conditions. It’s still not a good idea, but you can just about do it.«

🤔 https://neilmadden.blog/2024/05/23/galois-counter-mode-and-random-nonces/
👨‍💻 https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt#rsa-oaep_2


#cryptography #security #itsecurity #rsa #encryption #webdev #javascript #aead

conansysadmin, to Cybersecurity
@conansysadmin@mstdn.social

A warrior always has more to learn. Especially about the wizardry of . https://cromwell-intl.com/cybersecurity/crypto/reading.html?s=mc

conansysadmin, to random
@conansysadmin@mstdn.social

If a monastery filled with monks calculated forever, would they discover all possible numbers? #cryptography https://cromwell-intl.com/cybersecurity/crypto/hash-search.html?s=mc

firefly, to Lisp
@firefly@neon.nightbulb.net

This is part of a wry joke at the expense of LISPers and lambda calculators:

"... the heretic is chained in the dungeon where he is forced to learn Common Lisp on a Commodore 64 and interact with rapacious Lemmy-ings and Mastodonians."

https://www.metzdowd.com/pipermail/cryptography/2024-May/038350.html

As some of you might agree, it's not really a punishment.

#Cryptography #Cryptology #QuantumSupremacy #AlanTuring #AlonzoChurch #LambdaCalculus #LISP #MontyPython #HolyGrail

firefly, (edited) to random
@firefly@neon.nightbulb.net

Early on in my hobby I came to the realization that cryptographic prowess has no viable market price point. More's the pity. Yet I think one day I may change that with my secrecy sauce.

#cryptography #cryptology #maths #encryption #ciphers

fj, to MLS French
@fj@mastodon.social

Using a ternary tree instead of a binary tree in #MLS’ TreeKEM allows reducing communication costs by 10% when the ML-KEM post-quantum ciphersuite is used
#cryptography #pqc #postquantum
https://eprint.iacr.org/2024/746

leanpub, to typescript
@leanpub@mastodon.social

Node-OPCUA by example Edition 2024 by Etienne Rossignon is on sale on Leanpub! Its suggested price is $249.00; get it for $90.99 with this coupon: https://leanpub.com/sh/Iokhvunu #InternetOfThings #Typescript #Robotics #Messaging #EmbeddedSystems #Cryptography #InternetOfThings

conansysadmin, to Cybersecurity
@conansysadmin@mstdn.social

None can be a #cybersecurity warrior without knowing the basics of #cryptography. https://cromwell-intl.com/cybersecurity/crypto/?s=mc

soatok, to Matrix
@soatok@furry.engineer

jimfl,
@jimfl@hachyderm.io

@soatok I had to send that sticker to a contact in order to screenshot it. They were confused.

kubikpixel, to privacy
@kubikpixel@chaos.social

Not the first and certainly not the last time!

»Proton Mail Discloses User Data Leading to Arrest in Spain«

🔓 https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/


#privacy #email #security #encryption #cryptography #itsecurity #arrest

martijn,
@martijn@ieji.de

@kubikpixel The user didn't practice great secops and put in an Apple email as the recovery address. Swiss law requires Proton to give up that decryptable recovery address. It's then #apple who handed over name, address and phone number. But apparently that doesn't make a good headline.

zakalwe, to random
@zakalwe@plasmatrap.com

https://www.theregister.com/2024/05/02/microsoft_google_passkeys/

The tech, simply put, works like this: When you create an account for a website or app, your device generates a cryptographic public-private key pair. The site or app backend gets a copy of the public key, and your device keeps hold of the private key; that private key stays private to your gear. When you come to login, your device and the backend authentication system interact using their digital keys to prove you are who you say you are, and you get to login. If you don't have the private key or can't prove you have it, you can't login.

So ... "passkeys" are 30-year-old with a shiny new name.

Hey, you know what? If Microsoft and Google can finally mainstream public-key infrastructure, MORE POWER TO THEM.

schizanon, to passkeys
@schizanon@mastodon.social

PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.

Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.

vintprox,
@vintprox@techhub.social

@magitism @schizanon In other words... "magic link" but with extra steps.

firefly,
@firefly@neon.nightbulb.net

Structural security trumps computational security ... or ...
Diffuse structural security trumps amalgamated computational security ...
All your big, strong passkeys in one basket is less secure than your passwords in many individual baskets ...
Trying to explain this to tech bros can resemble pushing a wagon uphill ...
Because they want to sell something, logic is not paramount.

See here:

https://www.metzdowd.com/pipermail/cryptography/2023-September/038186.html

"A password in my brain is generally safer than an app or SMS stream that can be compromised. Although a passphrase may in some cases not be computationally more secure than a token mechanism or two-factor system, the simple passphrase is often structurally more secure because that passphrase only links to and exposes one service target."

and here:

https://www.metzdowd.com/pipermail/cryptography/2023-September/038188.html

"I like to compare it to having one basket of eggs in one spot, and many baskets of eggs in many places. If your one basket of eggs has the master key to all the other stronger keys, is it easier to get the one basket, or the many baskets with weaker keys? So in this scenario cipher strength is not the most important factor for security. With a single basket one fox or pick-pocket or one search warrant can own all of your eggs for all your services."

kushal, to random
@kushal@toots.dgplug.org

During my Computer Science Engineering study (2001-2005), I never had any paper on .

maswan,
@maswan@mastodon.acc.sunet.se

@kushal

A couple of years earlier for me:

My CS course in algorithm analysis had us implement a large num library (good for exploring n log n vs n^2 etc with practical examples) to the point where we could do exponentiation mod and implement RSA. It was a neat series of exercises.

And on the mathematics track, I took a course in cryptography. Interesting but not always easy to follow (the "why" of how key sharing algorithms, "n out of m secrets needed", work was hard for me, as was ECC).

kushal,
@kushal@toots.dgplug.org

@maswan I don't think that I learned these terms in college.

paragon, to php
@paragon@phpc.social