[rdiff-backup-users] Re: operational questions


From: Eric S. Johansson
Subject: [rdiff-backup-users] Re: operational questions
Date: Tue, 27 Apr 2004 21:16:37 -0400
User-agent: Mozilla Thunderbird 0.5 (Windows/20040207)

John Labovitz wrote:
> On Apr 27, 2004, at 10:17 AM, Eric S. Johansson wrote:
>
>> any suggestions for somehow protecting rdiff backed up data on a friendly foreign machine?
>
> Two possibilities, off the top of my head --
>
> 1. Use an encrypted sparse file image on the foreign machine. This will let you have a file system that, when unmounted, is a big blob of a file. (See Disk Utility and "hdiutil" for more details.) However, you'll have to find a way to mount/unmount the image when the remote rdiff-backup logs in. You might be able to use ssh "subsystems" to do this -- see "man sshd_config".
>
> However, I see two holes with this: first, once the image has been mounted, the files on it are readable to the admin of the foreign machine. So it's not completely opaque. Secondly, it seems fairly possible for the connection to die in such a way that the image is never unmounted -- leaving it open again.

probably acceptable for a friendly backup site.

> 2. Use rdiff-backup to a *local* encrypted sparse image, then use rsync to mirror changes in that image over to the foreign machine. (Rsync has a --sparse option that may work well here.)
>
> The obvious disadvantage with option #2 is that you have to store your diffs locally. It also may require a large diff, since at least parts of the sparse image are being completely re-encrypted.

I agree that the most probable killer would be the re-encryption of large chunks of disk.

although, one could implement this and then use an M-of-N partitioning model combined with rsync. again, the expected large number of changes would probably be a killer.

> Again, I haven't really tried either of these -- just throwing them out as ideas.

they are good ideas. I just wanted to see if anybody had thought about the problem.

the big problem with doing this is an issue of trust. so, the answer might be to encrypt the files as you send them over and leave the file hierarchy intact. Unless you start building a file format like tar that can handle these deltas (encrypted or otherwise), you can't help but reveal the file hierarchy.

---eric
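
Added example, not part of the original message or of rdiff-backup: a Python sketch of the rsync cost discussed under option 2, comparing an image re-encrypted as one stream with a fresh nonce on every run against an image encrypted sector by sector. The toy SHA-256 keystream, the 4096-byte block size, the per-sector layout and all function names are assumptions made for illustration; aligned block comparison stands in for rsync's delta algorithm.

```python
import hashlib
import os

BLOCK = 4096  # assumed size of both an image sector and a transfer block


def keystream(key: bytes, label: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream. Illustration only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_whole(key: bytes, image: bytes, nonce: bytes) -> bytes:
    """Encrypt the image as one stream; a fresh nonce is used for every run."""
    return xor(image, keystream(key, nonce, len(image)))


def encrypt_sectors(key: bytes, image: bytes) -> bytes:
    """Encrypt each sector independently, keyed by its index (assumed layout)."""
    out = bytearray()
    for off in range(0, len(image), BLOCK):
        label = b"sector" + (off // BLOCK).to_bytes(8, "big")
        out += xor(image[off:off + BLOCK], keystream(key, label, BLOCK))
    return bytes(out)


def changed_blocks(old: bytes, new: bytes) -> int:
    """Count aligned blocks that differ: a simplified stand-in for rsync's delta."""
    return sum(old[i:i + BLOCK] != new[i:i + BLOCK] for i in range(0, len(old), BLOCK))


def demo() -> tuple[int, int]:
    key = os.urandom(32)
    v1 = bytearray(os.urandom(64 * BLOCK))      # constructed 64-sector image
    v2 = bytearray(v1)
    v2[10 * BLOCK + 7] ^= 0xFF                  # one byte changes in sector 10
    whole = changed_blocks(encrypt_whole(key, bytes(v1), os.urandom(16)),
                           encrypt_whole(key, bytes(v2), os.urandom(16)))
    sectors = changed_blocks(encrypt_sectors(key, bytes(v1)),
                             encrypt_sectors(key, bytes(v2)))
    return whole, sectors


if __name__ == "__main__":
    print("blocks to resend (whole-image, per-sector):", demo())
```

The per-sector form keeps the transfer small, but whoever holds the remote copy can see which sectors changed between runs.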

