enkore
commented
7 years ago Why not print multiple copies? If you require n-out-of-m, cut them into stripes.
Or, use tools like par2 or python-zfec.
Closed rugk closed 7 years ago
enkore
commented
7 years ago Why not print multiple copies? If you require n-out-of-m, cut them into stripes.
Or, use tools like par2 or python-zfec.
rugk
commented
7 years ago Why not print multiple copies?
Because when one is stolen, the thief got the key. When you have a n of m approach you need at least 2 ones.
If you require n-out-of-m, cut them into stripes.
Haha, never thought about that, but it is really unreliable. Especially as you have the paper backup and QR code on the same site, so it may happen that one can restore the key from the half of the site by combining the information in the QR code and paper. Really, that's just not professional and can leads to problems.
That's why a n of m thing would be good, not multiple m's or so… That's not the point.
Or, use tools like par2 or python-zfec.
par2 seems to be about some error correction. Don't know what this could help here. It can also split files looking like splitted ZIP archives, but how on hell should I print them afterwards…? That's ugly.
zfec also just generates some redundant blocks of data. I have no idea how this could help with this issue/is even related to it…
Basically I imagine something similar to how Armory (it's FLOSS) does it. See https://www.youtube.com/watch?v=nyeMtM-Gclw. They call it "fragmented backups". They also have a secure print (https://www.youtube.com/watch?v=sm3JTO6c6NU) feature but well…
enkore
commented
7 years ago zfec also just generates some redundant blocks of data. I have no idea how this could help with this issue/is even related to it…
Blocked FEC implements what you describe. FEC splits some data into a number of blocks (=m) of which any subset of size k (=your n) is sufficient to reconstruct the original data. Having less blocks than the limit k yields an underdetermined system which has no unique solution, i.e. a virtually infinitely large set of solutions.
(Note that block erasure codecs, like zfec, by themselves are neither error detecting nor error correcting codes; bad blocks simply result in bad data)
Because when one is stolen, the thief got the key. When you have a n of m approach you need at least 2 ones.
The exported key is still encrypted with your passphrase. So, set a passphrase, then export.
Especially as you have the paper backup and QR code on the same site, so it may happen that one can restore the key from the half of the site by combining the information in the QR code and paper.
So... cut the QR code off?
rugk
commented
7 years ago Okay, I understand FEC now, but that's still a low-level utility there and as it is python you could include it in borg. And that's about all that I am asking in this issue.
I mean the thing here is a new feature ("enhancement") I am proposing and it should try to avoid trading security against usability – what is, AFAIK, also your general aim in borg.
Of course I as a user could use some low-level block splitting tools like you proposed, then split the key, reencode/base64/whatever it, so I can print it in a nice way and include it in a QR code. However, that's crazy. Nobody does that.
The desired behaviour would be a simple call borg key export --qr-html --split-num 3 --split-require 2 split1.html split2.html split3.html ( or similar), so you have all these backups ready. And there you can also use the nice per-line checksums in borg's paper backup e.g., which I could not use when doing my own self-created approach (which could, BTW, also be a security risk as you should never built your own crypto stuff…). And cutting of the QR code is also no solution, because of course I want that feature – QR-code scanning.
That's why I'd like an implementation in borg and also urge you to reopen this. It could be in borg v2, no problem. This is a long-standing feature request. (Edit: Just saw you have a later tag, so maybe use this one here.)
Have you watched the video I linked? There you can see how such a thing can work. It's a GUI application obviously, so your implementation could be way easier in a CLI, with less explanatory things.
So finally about the point of "Why should you want to do something?". As you said:
The exported key is still encrypted with your passphrase. So, set a passphrase, then export.
Ah, yeah, of course, but people are different, people have different use cases and here are some where this feature request would be useful:
enkore
commented
7 years ago I'll think about this some more when I'm not quite so preoccupied as right now.
A quick note: Please don't try to use a block erasure code (like zfec) and assume that "Having less blocks than the limit k yields an underdetermined system which has no unique solution, i.e. a virtually infinitely large set of solutions." is cryptographically secure; it is not. A subset of the blocks required to uniquely decode the message can still reveal a fraction of the original message (i.e. parts of the key).
rugk
commented
7 years ago Ah, okay, that's of course right. Don't know how Armory does it, it's open-source so you could have a look. However also the "algo" "cutting the piece of paper into parts" is affected by this problem.
enkore
commented
7 years ago That'd be secure secret sharing.
Add an option to "borg key export", which allows to split the backup key into multiple parts, so you need "k of n" to restore it and print multiple pages.
E.g. when I have three different locations for storing the paper backup and I want to have some redundancy should one backup get lost, I could choose "2 of 3" (command e.g.
borg key export --split-num 3 --split-require 2;split-requiredefaults tosplit-numandsplit-numis 1 by default, so that the old behaviour is the default). Then on the page with QR code or paper code or so there is another line:This is somewhat similar to https://github.com/borgbackup/borg/issues/2428 for backups, but I think this issue here is far easier to implement.