Re: Secure backup on remote untrusted server over slow line?

From: Brian C. Lane (bcl@brianlane.com)
Date: 06/15/02


From: Brian C. Lane <bcl@brianlane.com>
Date: Fri, 14 Jun 2002 17:05:37 -0700

On Thu, 13 Jun 2002 15:01:38 +0100
Iwo Mergler <Iwo.mergler@soton.sc.philips.com> wrote:

> "Brian C. Lane" wrote:
> >
> > On Wed, 12 Jun 2002 16:31:58 +0200
> > Preben Bohn <preben_bohn@yahoo.com> wrote:
> >
> > > Hi all, I hope the subject says it all... :-)
> > >
> > > If not, here's my problem, I really hope someone can help me:
> > >
> > > I want to backup my linux server (~10GB data) on a remote server over a
> > > slow line (~200 kbps). I only need a snapshot at say 1 days interval.
> > > The changes to the server data are relatively small so an incremental
> > > scheme is the way to go (and with 10GB over 200 kbps it is the only way
> > > :)).
> > >
> > > The problem is that the remote server is "public" available, so I need
> > > to encrypt the data somehow. Does anyone have any good ideas to how I
> > > can accomplish this?
> > >
> >
> > On your secure system write a find backup script (I used to have one before I switched to using rsync for backups) that finds all the changed files (compared with a timestamped file you create after each backup) and copies them into a new filesystem tree. Use apio to compress and archive the tree (apio is better than tar because it compresses individual files, a corrupt byte won't hose the whole archive). Then use gpg to encrypt the compressed file to you (use a throw-away gpg key, not your normal one, as the source key for the encryption. It's the destination key that matters). Then transfer the compressed, encrypted file over to the untrusted system.
>
> Isn't this a bit over the top? His particular system has the
> advantage that encryption and decryption happen in the same
> place, so a private/public key encryption is not needed.
>

  But the results are going to be transferred to a public system that isn't under his control, so using a robust encryption scheme (not the XOR with random data as previously suggested) is a good idea. Pick whatever good crypto package you want, it all amounts to the same thing. Use software that has already been tested, don't make it up yourself (unless you really know what you are doing).

Brian

-- 
Linux Consulting and Software Development
http://www.brianlane.com
DigiTemp --[Inside 77.1F]--[Outside 99.3F]--[fozzy 80.0F]--[Drink 62.6F]--
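
The procedure described in the quoted message above (find the files changed since a timestamp file, archive them, encrypt the archive with gpg to your own key, copy it to the untrusted host), as an added shell example that is not part of the original thread. It uses tar with gzip in place of the archiver named in the thread, and the function names, arguments and the scp transfer are assumptions.

```shell
#!/bin/sh
# Added example: incremental, encrypted backup to an untrusted host.
# All paths, the key ID and the remote target are caller-supplied assumptions.

# Print NUL-separated regular files under $1 modified after stamp file $2.
# If the stamp file does not exist yet, list everything (first full backup).
list_changed() {
    src=$1 stamp=$2
    if [ -f "$stamp" ]; then
        find "$src" -type f -newer "$stamp" -print0
    else
        find "$src" -type f -print0
    fi
}

# run_backup SRC_DIR STAMP_FILE GPG_KEY_ID USER@HOST:DIR
run_backup() {
    src=$1 stamp=$2 key=$3 remote=$4
    umask 077                       # temp files readable by this user only
    work=$(mktemp -d) || return 1
    out="$work/backup-$(date +%Y%m%d%H%M%S).tar.gz.gpg"
    # Take the next timestamp BEFORE scanning, so a file modified while the
    # backup runs is picked up by the next run instead of being missed.
    touch "$work/next-stamp"
    list_changed "$src" "$stamp" > "$work/files" &&
    tar --null -T "$work/files" -czf "$work/plain.tar.gz" &&
    # Encrypting needs only the recipient's public key on this machine.
    gpg --batch --yes --encrypt --recipient "$key" \
        --output "$out" "$work/plain.tar.gz" &&
    scp "$out" "$remote" &&
    # Advance the stamp only after the ciphertext has reached the remote.
    mv "$work/next-stamp" "$stamp"
    status=$?
    rm -rf "$work"                  # removes the plaintext archive as well
    return "$status"
}

# Run only when called with the four expected arguments.
if [ "$#" -eq 4 ]; then run_backup "$@"; fi
```

Because the stamp file is replaced only after every step succeeds, a failed encryption or transfer leaves the old stamp in place and the same files are selected again on the next run.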


