[H-GEN] DVD+RW media for backups

Greg Black gjb at gbch.net
Tue Nov 18 19:34:33 EST 2003


On 2003-11-19, Anthony Towns wrote:
> On Tue, Nov 18, 2003 at 05:46:49PM +1000, Greg Black wrote:
> > On 2003-11-18, Anthony Towns wrote:
> > > Why not just use gpg? (It does symmetric encryption stuff as well as the
> > > traditional PGP emaily stuff)
> > I'll be using proven off-the-shelf encryption code (probably
> > cryptlib) to do the heavy lifting.  My C code will simply be a
> > wrapper that sits in the existing pipeline to ensure that what
> > goes to tape is encrypted and in such a way that I will have a
> > decent chance of extracting it unencrypted should the need for
> > that arise.
> 
> Heh. That still didn't answer my question. :)

Sorry, it was meant to.

> AFAIK, gpg can do all the encryption stuff you might want from the command
> line; and I don't think there are any questions about its portability
> or reliability... Size could be a factor, I guess. Or other random things.

I've got nothing against gpg per se -- after all, I use it every
day and recommend that others use it.

I suppose there are two reasons why I did not consider it.  In
the first place, I'm a programmer -- so I don't ever think of
using programs that are principally designed for interactive use
in scripted pipelines run from cron.  Just as I'd never use mutt
(which I use for all my interactive email stuff) to send email
from such a script, or Emacs (which I also use for most of my
interactive editing, including writing this message) to do the
job of sed or awk, I just would not think of using gpg there
either -- unless there was just no alternative.

The other factor is that I have three encryption-related jobs on
my todo list at present, of which this backup thing is just one.
Neither of the others could possibly be handled by gpg.  So I
had already decided to adopt cryptlib[1] (or some other similar
toolbox) for the other projects.  But they are more complex and
less urgent, so it seemed obvious that I would use the backup
software as my learning exercise for cryptlib.  In particular,
because I use it every day, it would get plenty of exercise and
oversight and checking in normal use, so I'd learn about any
problems quite fast.

However, if somebody wanted to add encryption to their backups
and was not a programmer and never expected to need to use
something like cryptlib, then I'd say that gpg would probably be
the tool of choice for them.

I hope I've finally managed to hit this nail on the head.

Cheers, Greg

[1] http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 249 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20031119/1d7bad30/attachment.sig>


More information about the General mailing list