Re: [Duplicity-talk] S3 getting started

[mike]

On 6/20/07, Gabriel Ambuehl <address@hidden> wrote:

> Theoretically, you could run encfs over sshfs and achieve that (FUSE can do
> chaining from what I understand). The server would never see your data
> unencrypted (decrypting on the server is kinda besides the point in my view).
> Practically, there's something wrong in either encfs or sshfs that prevents
> it from fully working (I'm guessing it's encfs, as that one has horrible
> behavior when running rsync, too).

yeah i did not totally trust encfs yet, otherwise i'd be using it...
it also does not encrypt the file metadata completely, so you can
still guestimate some of the files contents.

a true encrypted solution would do the encryption on the client, send
to server, and download again and decrypt on the client. the server
would only see encrypted bytes. duplicity does that, but it is still a
little bit "beta" for me as well.

i think i am trying for too perfect a solution right now that still
has not been created (at least for commodity/cheap/free purposes) -
but it is getting close. bestcrypt or truecrypt containers also work,
but aren't as transparent as hoped. not sure if truecrypt can properly
do differentials, especially on a huge container...

i had an original idea of "what about using NFS, but throwing an
encryption call before it hits the network, then a decryption call
before it gets back to the server" type deal. seems like it should be
simple enough as long as there is proper key management, and the
ability to store scrambled filenames properly and recall them properly
(okay, that part gets confusing)