[NBLUG/talk] Crypt Filesystems
Walter Hansen
gandalf at sonic.net
Tue Jul 25 15:16:09 PDT 2006
I really think that you think this is intended for onsite securtiy and it
is not. This is for encryption of a backup drive that is physically taken
offsite. The concern is that the drive could be lost or stolen. The
solution is to encrypt the drive so that without the encryption key the
drive is useless to anybody who finds or steals it (except as a nice used
hard drive). I used to ponder this sort of thing in the old days when we
were using tape also. When a tape went bad before I was in charge it was
thrown away.
I understand that when on the computer in question the backup drive will
be just as readable as the backup drive that it mirrors from.
The key would not be in the same physical place as the drive. Without the
key nobody should be able to mount the drive anyway. Yes I'd want to use
the v3 (strongest) encryption.
Now here's an odd thing. By my plan the backup drive actually would
contain a backup of it's own key; in a gziped tarred file that's encrypted
along with everything else. I could set an exclude, but I doubt it would
make any difference. If this confuses, please ignore it. It's just kinda
funny.
More information about the talk
mailing list