Date: Tue, 05 Apr 2011 06:17:28 +0100
From: Gareth Randall <>
Subject: A new way of writing secure data backups, combining RAID and one time pads.


I have published a free software project called "Triplyx", which writes 
data to a set of three storage devices in such a way that if any one of 
them is lost or stolen, it cannot be used to recover the data. Any two 
storage devices can be brought together to recover the data. It was 
created for use with offsite data backups.

The concept is simple, although I have never seen it done in a 
commercial or open source product.

Triplyx writes three copies of the data input D to separate storage 
devices. Each copy is exclusive-OR encrypted with a random "one time 
pad", and one of the other one time pads is written alongside it in the 
same "volume" (file). In my code, the output can be any file or a Unix 

In the following example, the one time pad (random) data streams are A, 
B and C.

D^A means that each byte of D is XOR'd with the corresponding byte of A.

Volume 1 contains:  D^A and B
Volume 2 contains:  D^B and C
Volume 3 contains:  D^C and A

So, for example, storing a 100kbyte file (D) would result in the 
following being written to the volumes:

Volume 1:  100k of D^A, along with 100k of B.
Volume 2:  100k of D^B, along with 100k of C.
Volume 3:  100k of D^C, along with 100k of A.

Note: The D^A and B streams are actually "striped" so that they can both 
be read and written at the same time without needing to keep copies of 
large amounts of data. This is designed especially to support tape as a 
backup medium.

Restoring the data simply requires any two volumes. So, for example, 
volumes 2 and 3 contain C and D^C, allowing the original D to be 


I've also written a paper describing it.

URL of the paper is:

The paper also documents a similar method which allows more data to be 
stored but with some implications for security. That is, write the data 
three times, encrypted with different symmetric keys, and then store the 
other two keys not used for the current data on each storage medium.

Volume 1:  (D enc with J), K, L
Volume 2:  (D enc with K), J, L
Volume 3:  (D enc with L), J, K

where J, K and L are encryption keys.

This allows more data to be stored because it does not need to store an 
entire one time pad, but contains risks of attacks on either the 
encryption algorithm or the means of choosing the keys.

Coming from an "enterprise" point of view, offsite backups could now be 
stored for long periods of time without having to worry about encryption 
passwords being lost due to staff turnover. Also, compliance with data 
protection legislation should be easier to demonstrate.

For the one time pad method, if the random number generator is good 
enough then a single lost backup device can never result in exposure of 
confidential data.

======= Gareth Randall =======
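
The one-time-pad volume layout described in the message above, as an added example that is not part of the original post and is not Triplyx's own code. The function names are hypothetical, and the volumes are held in memory as (ciphertext, pad) pairs rather than striped onto a device.

```python
import secrets

def xor(x: bytes, y: bytes) -> bytes:
    if len(x) != len(y):
        raise ValueError("streams must be the same length")
    return bytes(p ^ q for p, q in zip(x, y))

def write_volumes(data: bytes) -> dict:
    """Return {volume number: (ciphertext, pad)} using the layout in the post."""
    # A, B, C: independent pads from the OS CSPRNG, each as long as D.
    a, b, c = (secrets.token_bytes(len(data)) for _ in range(3))
    return {
        1: (xor(data, a), b),  # Volume 1: D^A and B
        2: (xor(data, b), c),  # Volume 2: D^B and C
        3: (xor(data, c), a),  # Volume 3: D^C and A
    }

def restore(available: dict) -> bytes:
    """Recover D from any two volumes; a single volume is not enough."""
    # Volume n carries the pad that decrypts volume n+1 (wrapping 3 -> 1).
    for n, (_, pad) in available.items():
        nxt = n % 3 + 1
        if nxt in available:
            return xor(available[nxt][0], pad)
    raise ValueError("need two different volumes to restore")

def pad_consistent_with(volume: tuple, candidate: bytes) -> bytes:
    """Pad under which this volume's ciphertext would decrypt to `candidate`.

    Such a pad exists for every candidate of the right length, which is why
    one volume alone says nothing about D beyond its length.
    """
    return xor(volume[0], candidate)

if __name__ == "__main__":
    d = b"constructed sample backup data"  # constructed sample input
    vols = write_volumes(d)
    for keep in ((1, 2), (2, 3), (1, 3)):
        assert restore({n: vols[n] for n in keep}) == d
    print("restored from every pair of volumes")
```

Each volume is twice the size of D, matching the 100k + 100k figures in the post.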