[ale] Local/Cloud File Encryption

JD jdp at algoloma.com
Mon Aug 19 10:19:02 EDT 2013


On 08/19/2013 09:30 AM, Brian MacLeod wrote:
> I agree with JD: TrueCrypt has a client for Linux, Windows and Mac.
> 
> I hadn't thought about the 4.3G idea, thanks JD for that.
> 
> Most of my encrypted volumes on my Dropbox are small (16, 32Mb), but 
> understand that it does take longer to sync up since if you do in fact 
> change the contents of a TrueCrypt volume, the entire file (from 
> Dropbox/cloud service's POV) should change, so, the larger the file, the
> longer the sync, regardless of the actual changes.
> 
> Because of that, I can see great utility with David's suggestion of GPG and
> Chris' of OpenSSL -- you're only encrypting the file itself, and thus, only
> a bit more synchronizing than the time it would take for the original
> file.
> 
> Balance of time and ease of use to taste.
> 
> Brian


I believe there are tools that handle single-file encryption ... can't
remember when I heard about them - Security Now?  Google transcripts found ...
https://www.grc.com/sn/sn-349.htm  if that isn't it, they did a few weeks of
different PIE - "Pre-Internet Encryption" episodes, so check nearby
transcripts. They like the GUIs. Anyway, I learned something in those
episodes; considerations for backups that I didn't have before.

When you change files inside truecrypt, not every block is changed, so
block-based sync tools (like librsync) should be able to figure out the
differences and should be much more efficient.  However, from personal
experience with large unencrypted files, rsync **does** get confused, so
transferring the entire file again may be required. This limitation forced me
to change backup methods away from rsync.  Somewhere around 1G in size is
where the confusion happened on my files. I didn't have any smaller files for
that need at the time.

There is a point where putting all your backups into an encrypted portable 2TB
HDD and swapping it out at your office or mailing it to a trusted person is
the best answer, though not having it 500+ miles away is not ideal.

Don't forget that password managers can be used to securely store lots of
other things - not just passwords. I keep a grayscale passport image in mine
and text for everything on the passport - lots of non-internet account
information too.

David Tomaschik and I did a Backup-poloza at ALE-NW a few years ago where we
looked at 5 or so different methods and tools. Since that meeting had low
attendance, we haven't redone it (plus DT moved).  I don't have David's
presentation(s) - the link is dead, but mine are here:
* Backup Overview - http://blog.jdpfu.com/ALE/ALE-NW/a09_backups.html - Got
Backup Religion?
* Rsync - http://blog.jdpfu.com/ALE/ALE-NW/a05_rsync.html
* Back-In-Time Snapshots - http://blog.jdpfu.com/ALE/ALE-NW/a08_BIT.html - not
good for system backups - GREAT for personal HOME backups w/hrly snapshots
* rdiff-backup - http://blog.jdpfu.com/ALE/ALE-NW/a10_rdiff_backup.html -
great all around backup tool. Easy replacement for rsync; nearly identical
options.

Click on the controls in the lower right-hand corner to see everything as 1 page.

Today, I'd use rdiff-backup for local backups where I controlled both sides of
the client/server connection. How to get the data offsite depends on whether I
trust the remote system or not - if trusted - rsync of the backup areas
(extremely efficient daily).
If not trusted, probably some sort of openssl or gpg encryption on the stream
as it flows to the remote storage. I've never sent data to a non-trusted location.
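
Added example, not part of the original message or of any tool named in the thread: a small simulation of the sync trade-off discussed above, comparing how many fixed-size blocks differ after a small in-place edit when data is encrypted sector by sector (volume style) versus re-encrypted as a whole file under a fresh random nonce (per-file style). The sector size, block size, key, and the SHA-256 counter-mode keystream are assumptions for the demo; the keystream is a stand-in and not real encryption.

```python
import hashlib, os

SECTOR = 512        # container sector size (assumed for this demo)
SYNC_BLOCK = 4096   # block size the sync tool compares (assumed)

def keystream(key, tweak, n):
    # Toy keystream (SHA-256 in counter mode): a stand-in, NOT real encryption.
    blocks = (hashlib.sha256(key + tweak + c.to_bytes(8, "big")).digest()
              for c in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def xor(a, b):
    n = len(a)
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(n, "big")

def encrypt_container(key, plain):
    # Volume style: every sector is encrypted on its own, keyed by its number.
    out = bytearray()
    for off in range(0, len(plain), SECTOR):
        sec = plain[off:off + SECTOR]
        tweak = b"sector" + (off // SECTOR).to_bytes(8, "big")
        out += xor(sec, keystream(key, tweak, len(sec)))
    return bytes(out)

def encrypt_whole_file(key, plain):
    # Per-file style: one fresh random nonce for each encryption run.
    nonce = os.urandom(16)
    return nonce + xor(plain, keystream(key, b"file" + nonce, len(plain)))

def changed_blocks(old, new):
    # Returns (blocks whose hash differs, total blocks) for fixed-size blocks.
    offsets = range(0, max(len(old), len(new)), SYNC_BLOCK)
    diff = sum(hashlib.sha256(old[o:o + SYNC_BLOCK]).digest()
               != hashlib.sha256(new[o:o + SYNC_BLOCK]).digest() for o in offsets)
    return diff, len(offsets)

def demo(size=1 << 20, edit_at=300_000, edit_len=100):
    key = b"constructed demo key"
    before = bytes(size)                       # constructed 1 MiB plaintext
    after = bytearray(before)
    after[edit_at:edit_at + edit_len] = b"\x01" * edit_len   # small in-place edit
    after = bytes(after)
    vol = changed_blocks(encrypt_container(key, before), encrypt_container(key, after))
    per_file = changed_blocks(encrypt_whole_file(key, before), encrypt_whole_file(key, after))
    return vol, per_file

if __name__ == "__main__":
    print(demo())
```

The comparison is at fixed offsets, which is enough here because the edit does not shift any data; it does not model a sync client that re-uploads a file whenever its timestamp changes.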


