brent timothy saner on 9 Mar 2014 12:54:59 -0700
Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?

On 03/09/2014 02:52 PM, Rich Freeman wrote:
(SNIP)
> Some thoughts regarding a few ideas that came up on this list:
>
> 1. An encrypted filesystem using LUKS is convenient, but doesn't
> actually move anything offsite. You'll still want some kind of
> offsite encrypted backup solution on top of that if you care about
> security. I might suggest duplicity, which can gpg encrypt and
> dump files on s3 automatically - I'm doing that for my home
> backups.

the example i provided creates a loopback setup- meaning you're creating a filesystem *on a file*. which can be easily (and safely) moved offsite.

> 2. A risk with an encrypted filesystem using LUKS is that if
> something does go wrong recovery may be more difficult. I think
> that LUKS is just a block-based solution so I don't think that is a
> huge risk, but if something goes wrong with your encryption layer
> you may be hosed. If this is just a local backup solution and you
> can verify data was written cleanly before moving it offsite or
> whatever then that isn't a problem. If you're just going to work
> directly on a LUKS drive then that is just another reason to have a
> backup somewhere.
>

LUKS has a great legacy behind it and is quite stable. i use it for all my mobile computing devices- have been for about 7 years now- and have not once had an issue. except forgetting the passphrase/losing the key file, because if you do that, you have no other option except dd if=/dev/zero of=/dev/sda. there's a reason LUKS is considered secure- nobody's broken it, and it'd be extremely difficult to do so even in approach, let alone a functional execution or even a proof-of-concept.

> Honestly, you might want to look at duplicity just as an archiving
> solution - run it once on a directory and point it at s3 and
> you'll get an encrypted backup.

OP mentioned wanting to avoid GPG explicitly- but if he didn't, duplicity (or boxbackup[0]) would be pretty close to what he wants. both are, however, somewhat too full of overhead for the original question- the solution i provided a couple replies back (re: loopback LUKS) is all core linux stuff these days with the exception of cryptsetup and git. dealing with your encrypted archive as a filesystem in and of itself is <3

(bonus: with some xorriso hacking, you can create optical media backups directly from the image file itself for local archival)

[0] http://www.boxbackup.org/

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
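
The loopback LUKS approach discussed in this message, as an added example; it is not the script from the earlier reply (which is not on this page) and not code from anyone in the thread. It also covers the two recovery concerns raised above, a LUKS header backup and a checksum for verifying the image after it is copied offsite. Function names, the `DRY_RUN` switch and the `.luksheader` / `.sha256` suffixes are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original thread): lifecycle of a file-backed
# LUKS container. Paths, sizes and names passed in are the caller's choice.
# Real use needs root and cryptsetup; DRY_RUN=1 only prints the commands.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# create_container IMAGE SIZE_MIB NAME: make the file, format it, add ext4.
create_container() {
    run truncate -s "${2}M" "$1"
    run cryptsetup luksFormat "$1"             # prompts for the passphrase
    run cryptsetup open --type luks "$1" "$3"  # cryptsetup attaches the loop device
    run mkfs.ext4 -q "/dev/mapper/$3"
    run cryptsetup close "$3"
}

# open_container IMAGE NAME MOUNTPOINT
open_container() {
    run cryptsetup open --type luks "$1" "$2"
    run mount "/dev/mapper/$2" "$3"
}

# close_container NAME MOUNTPOINT: unmount first, then drop the mapping.
close_container() {
    run umount "$2"
    run cryptsetup close "$1"
}

# backup_header IMAGE: a damaged LUKS header makes the data unrecoverable,
# so keep a copy of it. The copy unlocks with the same passphrase.
backup_header() {
    run cryptsetup luksHeaderBackup "$1" --header-backup-file "$1.luksheader"
}

# record_checksum IMAGE: write IMAGE.sha256 beside the (closed) image.
record_checksum() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# verify_copy IMAGE: succeed only if IMAGE still matches IMAGE.sha256.
verify_copy() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}
```

Run `record_checksum` only after `close_container`, since the image file changes while it is mounted; copy the `.sha256` file along with the image and run `verify_copy` at the destination.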