building a RAID system - 8 drives - drive-net - tapes

Jakob Oestergaard jakob at
Fri Oct 10 02:58:37 EDT 2003

On Thu, Oct 09, 2003 at 09:31:13PM -0400, Robert G. Brown wrote:
> Each disk has about one fourth of the information.  English is about 3:1
> compressible (really more; this is using simple symbolic compression).
> A good cryptanalyst could probably recover "most" of what is on the
> disks from any one disk, depending on what kind of data is there.

You overlook the fact that data on a RAID-5 is distributed in 'chunks'
of sizes around 4k-128k (depending...)

So you would get the entire first 'Introduction to evil empire plans',
but the entire 'Subverting existing banana government' chapter may be on
one of the disks that you are missing.

> Numbers, possibly not, but written communications, quite possibly.
> Especially if it falls in the hands of somebody who really wants it and
> has LOTS of good cryptanalysts.

You'd probably need historians and psychologists rather than
cryptographers - but of course the point remains the same.  Just
nit-picking here.

> > tape backups are insecure ...
> > 	- lose a tape ( bad tape, lost tape ) and and all its data is lost
> > 	- anybody can read the entire contents of the full backup
> Unless it is encrypted.  Without strong encryption there is no
> data-level security.  With it there is.  Maybe.  Depending on what is
> "strong" to you and what is strong to, say, the NSA, whether your
> systems and network is secure, depending on whether you have dual
> isolation power inside a faraday cage with dobermans at the door.

I'm just thinking of distributing two tapes for each disk - one with
200G of random numbers, the other with 200G of data XOR'ed with the data
from the first tape.

Enter the one-time pad - unbreakable encryption (unless you get a hold
of both tapes of course).

You'd need to make sure you have good random numbers - as an extra
measure of safety one should probably wear a tinfoil hat while working
with the tapes, just in case...   ;)

Of course, if any tape is lost, everything is lost. But one bad KB
on either tape will only result in one bad KB total.

> However, there can be as much or as little physical security for the
> tape as you care to put there.  Tape in a locked safe, tape in an
> armored car.

No no no no no!  Think big!

Think: cobalt bomb in own backyard - threaten anyone who steals your
data, that you'll make the planet inhabitable for a few hundred
decades unless they hand back your tapes.   ;)

(I'm drafting up 'Introduction to evil empire plans' soon by the way  ;)

> I get the feeling that you just don't like tapes, Alvin...;-)

Where did you get that idea?  ;)


