Re: Encrypted remote backups & issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 13:56 Uhr +0200 19.09.2003, Hein Roehrig wrote:
Alexander Zangerl <az@xxxxxxxxxxxxx> writes:

On Fri, 19 Sep 2003 11:24:03 +0200, Christian Jaeger writes:
Are there alternatives? tar|gpg|netcat(+md5) is a solid solution but
requires full backups each time.

not necessarily: i'm using dump (via amanda), and my /sbin/dump is a 90 line shell script that runs dump's output through gpg.

Yes, this would work with tar, too. However, date-based incremental backups don't work well * for large files with small changes

Yes. Well the nice thing of the nbd/cryptoloop approach would be that I don't necessarily need to keep (possibly quite many) old versions, I can simply overwrite the old backup file. Or keep one version only if I really want to keep them in a "trash", and empty the trash if it gets too big etc.; and I can always directly access the state of the whole filesystem at the time of the last backup without having to restore multiple incremental backups that may be big (i.e. 6GB full backup plus multiple possibly multi-GB incremental archives). And I can pick out any single file directly without having to unencrypt the whole thing too..


* when you can't trust the time stamp (what happens when files or
  directories are moved? file hierachies untarred?)

(It should probably not only save the modification time, but also size, and (debatable) inode number and inode change time.)


Some sort of "rsync/unison into an encrypted tar archive" would be
nice. Any ideas how to achieve this in userland?

There's librsync (and rdiff making use of it).


Christian.
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux