> -----Original Message-----
> From: Robert G. Brown [mailto:r...@phy.duke.edu]
> Sent: Tuesday, October 04, 2011 1:39 PM
> To: Chi Chan
> Cc: Rayson Ho; Lux, Jim (337C); t...@postbiota.org; jtri...@mit.edu; Beowulf
> List
> Subject: Re: [Beowulf] $1, 279-per-hour, 30, 000-core cluster built on Amazon
> EC2 cloud
>
> On Tue, 4 Oct 2011, Chi Chan wrote:
>
> > On Tue, Oct 4, 2011 at 11:58 AM, Rayson Ho <raysonlo...@gmail.com> wrote:
> >> BTW, I've heard horror stories related to routing errors with this
> >> method - truck drivers delivering wrong tapes or losing tapes
> >> (hopefully the data is properly encrypted).
> >
> > I just read this on Slashdot today, it is "very hard to encrypt a
> > backup tape" (really?):
> >
> > http://yro.slashdot.org/story/11/10/04/1815256/saic-loses-data-of-49-million-patients
>
> Not if it is encrypted with a stream cipher -- a stream cipher basically
> xors the data with a bitstream generated from a suitable key in a
> cryptographic-strength pseudorandom number generator (although there are
> variations on this theme). As a result, it can be quite fast -- as fast
> as generating pseudorandom numbers from the generator -- and it produces
> a file that is exactly the size of the original message in length.
>
> There are encryption schemes that expend extraordinary amounts of
> computational energy in generating the stream, and there are also block
> ciphers (which are indeed hard to implement for a streaming tape full of
> data, as they usually don't work so well for long messages). But in the
> end no, it isn't that hard to encrypt a backup tape, provided that you
> are willing to accept the limitation that the speed of
> encrypting/decrypting the stream being written to the tape is basically
> limited by the speed of your RNG (which may well be slower than the
> speed of most fast networks).
>
The reason it wasn't encrypted is almost certainly not because it was difficult to do so for technology reasons. When you see a story about "data being lost or stolen from a car" it's because it was an ad hoc situation. Someone got a copy of the data to do some sort of analysis or to take it somewhere on a onetime basis, and "things went wrong". Any sort of regular process would normally deal with encryption or security as a matter of course: it's too easy to do it right.
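The stream-cipher idea described in the quoted message, as an added example that is not part of the original thread: data is XORed chunk by chunk with a keyed pseudorandom stream, so the output is exactly the size of the input. The keystream generator here (HMAC-SHA256 over a nonce and counter) is an assumption standing in for a vetted stream cipher, and all function names, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import io


def keystream_blocks(key: bytes, nonce: bytes):
    """Yield 32-byte keystream blocks: HMAC-SHA256(key, nonce || counter)."""
    counter = 0
    while True:
        msg = nonce + counter.to_bytes(8, "big")
        yield hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    n = min(len(a), len(b))
    x = int.from_bytes(a[:n], "big") ^ int.from_bytes(b[:n], "big")
    return x.to_bytes(n, "big")


def stream_xor(src, dst, key: bytes, nonce: bytes, chunk: int = 65536) -> int:
    """Encrypt or decrypt src into dst chunk by chunk; returns bytes written."""
    blocks, pad, total = keystream_blocks(key, nonce), b"", 0
    while data := src.read(chunk):
        while len(pad) < len(data):      # generate only as much keystream as needed
            pad += next(blocks)
        dst.write(xor_bytes(data, pad))
        pad = pad[len(data):]            # keep unused keystream for the next chunk
        total += len(data)
    return total


def crypt(data: bytes, key: bytes, nonce: bytes, chunk: int = 4096) -> bytes:
    """In-memory wrapper around stream_xor for short inputs."""
    out = io.BytesIO()
    stream_xor(io.BytesIO(data), out, key, nonce, chunk)
    return out.getvalue()


if __name__ == "__main__":
    key = bytes(range(32))                    # constructed demo key
    tape = b"constructed backup record\n" * 500
    ct = crypt(tape, key, b"tape-0001")
    print(len(tape), len(ct))                 # identical lengths
    print(crypt(ct, key, b"tape-0001") == tape)
    # Reusing key and nonce on a second tape cancels the keystream:
    other = b"another constructed record!\n" * 500
    leak = xor_bytes(ct, crypt(other, key, b"tape-0001"))
    print(leak == xor_bytes(tape, other))
```

The last check shows why each tape needs its own nonce: with a repeated keystream, XORing two ciphertexts yields the XOR of the two plaintexts. XOR alone also gives no integrity protection, so a real backup format would add an authentication tag over the ciphertext.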