[Nottingham] Secure remote backups

Roger Light roger at atchoo.org
Sat Apr 12 00:05:26 BST 2008


On Fri, Apr 11, 2008 at 06:15:49PM +0100, Martin wrote:

> I think the "distributed" backups idea is a good idea, apart from
> security concerns. Fine if your data is sooo boring that noone could
> possibly ever want to look for any reason...
> 
> Such as gpg can be used to encrypt individual files or a tar of multiple
> files. However, the filenames could well be descriptive even if the
> contents are encrypted. The tar-ing rather defeats the idea of taking
> advantage of the rsync speedups possible.

cryptofs ( http://reboot.animeirc.de/cryptofs/ ) does what I think
you're thinking of, but it doesn't provide what you actually want. You
use cryptofs to mount a directory onto a mount point. The mount point is
where you actually access the files/directories from but they actually
exist in the original directory with encrypted contents and obscured
names.

The problem is that when the mount is in place (ie. during backups), the
"untrusted" party who owns the box the backups are being held on can see
everything.

Of course, you could just mount all of your _local_ data through
cryptofs and simply rsync the encrypted tree.

Cheers,

Roger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mailman.lug.org.uk/pipermail/nottingham/attachments/20080412/9019bb09/attachment-0001.bin


More information about the Nottingham mailing list