Code Monkey home page Code Monkey logo

Comments (2)

Tedpac avatar Tedpac commented on June 9, 2024 1

When a repository is opened, the repository password is stored locally so that there is no need to ask for it every time Kopia has to perform a task, therefore, anyone who has access to the computer will be able to see it. That said, what is the need to ask for a password that is already available locally?

It seems to me that a validation that the password is not repeated would only be beneficial to prevent Kopia from making unnecessary changes to the repository (since the password is the same). I don't know if this is already implemented. From a security point of view I don't see any benefit in this validation.

from kopia.

out-of-heap-space avatar out-of-heap-space commented on June 9, 2024

I understand your objection.
What you say basically means that everything depends on the hardening of the operating system.
My argument comes from the ObjectLock feature. Kopia supports this. What's the point of this feature if the attacker has made it into the OS. He simply bypasses the last line ObjectLock by changing the Kopia password.
In my case, I run backups via the Task Scheduler with a technical user. That seemed easier to me than making Kopia a service on Windows.
In my case, I don't disconnect after every backup, but leave it open. In my opinion, a separation would not bring any more security. On the one hand, because the connection can be established manually via the task scheduler and on the other hand, because the S3 connection data is also stored in plain text. So full access for the attacker, up to the ObjectLock/Retention limit.
To return to the attack scenario. The attacker changes the password and simply waits for the retention and then strikes.
The only way to handle this scenario at the moment would be to regularly re-establish the connection, but this would have to be done manually.
Hence my argument. The ObjectLock protection doesn't help if I can no longer access my (good and encrypted) backups because of the unknown password.

Or (and now it goes into the Kopia architecture, which I may not know very well) I can do an initial or regular offsite backup of these two files kopia.blogcfg and kopia.repository
protect my backups? So reset the old repo password and access the latest (encrypted) backups?

We can of course discuss the probability of the scenario occurring. But maybe I'm missing something; therefore the discussion also increases understanding.

from kopia.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.