duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] Manifest stores SHA1 hash of files, checked before res

From: Chris Poole
Subject: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before restore?
Date: Wed, 13 Jul 2011 16:53:20 +0100 
Hi

My question relates to a possible attack vector:

Alice uses Duplicity to backup some documents, using encryption, but
no gpg signing.

Eve replaces a .difftar.gpg file on the remote server with another
one, also encrypted using Alice's public key, but containing something
bad.

Alice then wants to restore a file, which happens to be in this bad
.difftar.gpg file.

Signing the volumes with Alice's private key would prevent this
attack, as Eve would be unable to provide the signature.

It's my understanding that the manifest file stores the SHA1 hashes of
the .difftar.gpg containers, so even without the sign key option being
used, Duplicity would throw an error since the hash would be
different. (It's to be assumed that Eve doesn't know what's in the
original .difftar.gpg file.)

Is it correct that in this situation, the SHA1 hash is pointless? Eve
could just hash each .difftar.gpg file (including the one she
modified), construct the manifest file and encrypt it with Alice's
public key, then replace the manifest file.

Neither Duplicity nor Alice would realise that the file had been
altered when she restored it. (Thus, it's very important to sign
backups being stored in untrusted locations.)


Or am I missing something?


Cheers

Chris Poole
[PGP BAD246F9]
reply via email to
[Prev in Thread] Current Thread [Next in Thread]