
Re: The boring Linux habit that saves machines

From TheLastSysop <thelastsysop@dev.null>
Newsgroups comp.os.linux.misc
Subject Re: The boring Linux habit that saves machines
Date 2026-06-05 12:53 +0000
Organization The Null Device Restoration Society
Message-ID <54af17dbf8bf245cb626@dev.null>
References (5 earlier) <fnidna1J3fu764P3nZ2dnZfqnPadnZ2d@giganews.com> <4c82ed6b2a3b269d08b0@dev.null> <08WdnZHiT4nkO4L3nZ2dnZfqnPSdnZ2d@giganews.com> <985505e7f02db80c52fe@dev.null> <N_WdnRmfmcbiPbz3nZ2dnZfqnPgAAAAA@giganews.com>



>On Thu, 4 Jun 2026 11:57:34 -0400, c186282 <c186282@nnada.net> wrote:
>On 6/4/26 07:47, TheLastSysop wrote:
>
>>
>> One small caution on the cipher side: I would not treat "less popular" as much
>> of a security property. Camellia is a real, well-studied block cipher, but the
>> comfort comes from public analysis, not from attackers being bored with it. For
>> backup plumbing, boring AES-256-GCM, AES-256-CTR plus HMAC, or age/restic/borg's
>> built-in authenticated encryption is usually the safer kind of dull.
>
>   I mentioned Camellia because I saw how perps WERE going
>   after systems ... often with a sort of script-kiddie
>   approach, looking at JUST the 'common' service ports
>   and JUST the 'common' file types. Quick scans save
>   them time, move on to the next victim. AES is so
>   widely used compared to Camellia that this bit of
>   "obscurity" MAY be helpful. Both ciphers seem to be
>   equally secure however according to the reports
>   I've seen.
>
>   Oh, final subtle trickery, never put an '.aes'
>   extension on cloud files. I picked one that
>   sort of implied they were ZIP files, yet
>   another way to make crackers waste their time :-)
>
>> The bigger practical risks are still simpler than quantum anything:
>
>   "Quantum" is still mostly a "future threat". Actual
>   quantum computers are few, but the number IS growing
>   and the power decidedly is. This odd new math method
>   I posted a few days ago apparently CAN fake smallish
>   quantum computers quick and cheap on conventional
>   hardware. That's a bit of a worry.
>
>   Also, for now, the lack of quantum computers likely
>   makes it difficult to seriously TEST those "quantum-
>   resistant" ciphers properly.
>
>> * keys not written down/offsite where the right person can find them;
>> * restores never tested until the disk has already become confetti;
>> * unauthenticated encryption, so corruption/tampering is discovered late;
>> * temp files left outside the threat model by accident.
>>
>> For a home or small-office backup, I would rather see a tested AES/age/borg
>> setup with an offline key copy than a clever cipher menu. Clever menus have a
>> way of becoming archaeology projects when you need a restore at 3 AM.
>
>   I try to avoid "clever" - takes too much time and
>   effort. Didn't have to impress anyone with fancy
>   looking utilities back in the day. Put a little
>   more effort into our public web pages though.
>   Soon went to 'Joomla' CMS ... then management
>   decided to shift to a commercial design corp
>   (which took forever to fix even little problems).
>
>   DID have a GUI decryptor JUST for our cloud backups.
>   It was most useful for when the auditors would demand
>   proof we COULD restore. Pick some stuff, make some
>   screen-shots. That'd shut 'em up for another year.
>
>   My 'C' - still use the open K&R style instead of
>   trying to glom everything onto one line or use
>   those nasty punctuation characters the young
>   "SEE how clever I am ?!" folks like to use.
>   Compiles and runs just as quick and there's more
>   room for by-line comments  :-)

That kind of camouflage can be a useful cheap layer, especially against the
"enumerate the obvious targets and move on" crowd.  I would put it in the same
bucket as boring service names, non-revealing filenames, and not leaving backup
catalogs gift-wrapped for the intruder: good friction, as long as it is not
counted as the lock.

The cipher choice is where I get conservative.  Camellia has a respectable
history, but I would rather the emergency restore procedure say "standard AEAD,
standard tool, known-good key copy" than "remember which less-common option we
picked in 2017."  Obscure filenames age better than obscure recovery rituals.

The GUI decryptor for auditors is exactly the right sort of dull, though.
Nothing proves a backup policy like making someone else pick a file and then
watching it come back from the dead while the coffee is still warm.

On the quantum side, I would not worry about testing post-quantum schemes on
actual quantum hardware so much as about the usual boring failures: parameter
choices, bad implementations, side channels, and protocol glue.  The math can be
attacked classically too.  As usual, the spectacular future problem gets
headlines while the temp file with the plaintext in /tmp does the burglary.

-- 
TheLastSysop <thelastsysop@dev.null>
"I survived the great rm -rf / rehearsal and all I got was this .signature."
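
Added example, not part of the original post or of any tool named in it: a sketch of the HMAC half of an "AES-256-CTR plus HMAC" backup format, showing how authenticating each chunk with its index and a final-chunk flag catches bit flips, truncation and reordering before anything is decrypted. It goes slightly beyond the post by chunking the archive; the function names, chunk layout, demo key and stand-in ciphertext are all assumptions constructed for illustration, and the encryption step itself is left out.

```python
import hashlib
import hmac
import struct

def _tag(mac_key, index, is_last, chunk):
    # Bind the chunk's position and a final-chunk flag into the MAC so that
    # reordered or truncated archives fail, not just bit-flipped ones.
    header = struct.pack(">QB", index, 1 if is_last else 0)
    return hmac.new(mac_key, header + chunk, hashlib.sha256).digest()

def seal(mac_key, ciphertext, chunk_size=64 * 1024):
    """Split already-encrypted bytes into (chunk, tag) records."""
    chunks = [ciphertext[i:i + chunk_size]
              for i in range(0, len(ciphertext), chunk_size)] or [b""]
    last = len(chunks) - 1
    return [(c, _tag(mac_key, i, i == last, c)) for i, c in enumerate(chunks)]

def verify(mac_key, records):
    """Check every tag before any chunk is handed to decryption."""
    if not records:
        return False, "empty archive"
    last = len(records) - 1
    for i, (chunk, tag) in enumerate(records):
        expected = _tag(mac_key, i, i == last, chunk)
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return False, f"chunk {i} failed authentication"
    return True, "ok"

# Constructed sample data: a fixed demo key and stand-in "ciphertext".
# In a real setup the MAC key is separate from the encryption key.
DEMO_MAC_KEY = bytes(range(32))
DEMO_CIPHERTEXT = bytes(range(10))

def demo():
    good = seal(DEMO_MAC_KEY, DEMO_CIPHERTEXT, chunk_size=4)
    flipped = list(good)
    flipped[1] = (bytes([good[1][0][0] ^ 0x01]) + good[1][0][1:], good[1][1])
    truncated = good[:-1]          # last chunk lost in transit
    swapped = [good[1], good[0], good[2]]
    return {name: verify(DEMO_MAC_KEY, recs) for name, recs in
            [("good", good), ("flipped", flipped),
             ("truncated", truncated), ("swapped", swapped)]}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running the same `verify` pass on a schedule against the stored archive is a cheap integrity check between full restore tests; it does not replace them.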
