[Gllug] Remote encrypted unattended file server
Shevek
gllug at anarres.org
Thu Jun 19 01:49:57 UTC 2008
On Thu, 2008-06-19 at 00:57 +0100, Simon Firth wrote:
> Hello all -
>
> I'd like to setup a system at a remote site (a friend's house) for file
> storage / backup. Naturally (imo) I'd like my data to be encrypted. My
> friend will not be able to provide any technical assistance whatsoever.
> As to the other requirements - encryption on the HD and on the wire, I'm
> thinking nbd may be the answer. So far though, I haven't been able to
> figure out how I would "authenticate" - I think that's the correct term
> - how I would ensure that only I would have access to the nbd.
If you run dm-crypt over nbd, there is no requirement to have any crypto
on the remote system at all; further, there is no requirement to have an
extra wire-encryption layer. The data never exists unencrypted outside
your source system.
Whether this is a safe application of the cryptographic protocol is an
exercise for the interested reader. I suspect in any case it will
probably be harder for the (presumably ... no, let's not presume) than a
rubber hose attack on your friend.
S.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list