> From: [email protected] [mailto:[email protected]] On
> Behalf Of K. M. Peterson > > I'm trying to figure out how whole disk encryption is "desirable - > mostly in terms of backups". How is that the case? It's a given that encryption will be used for the most sensitive data. Presently, file containers are being used. Somewhere in the hard drive, TrueCrypt has a *.tc file, or OSX has a sparsebundle. The problem with backups is ... How do you backup an encrypted *.tc file? If you want, you can unmount it, and copy the whole file. But that takes forever. It's very difficult to get regular incremental backups of it (at least once a day or so...) because you have to copy the entire volume, regardless of how small your change was inside it ... Another possibility is to have something like Goodsync constantly polling for the existence of the mounted volume, and then sync the contents of the mounted volume to some remote location as long as the volume is mounted. But then you're spending a lot of effort polling for changes, etc, and you're using multiple tools (goodsync in addition to trueimage or time machine.) So there is a larger opportunity for failure instead of maintaining only one backup system. Given that there is already a daily full system incremental backup (Acronis True Image or OSX Time Machine) and you have to exclude the *.tc files due to enormous size, then the WDE is desirable, because you don't need an encrypted file container anymore. You can save all your private files directly on the C: drive, and allow Acronis to simply perform daily incrementals. It's efficient. Although OSX sparsebundles handle this better than truecrypt, it's still far from efficient, and suffers the same problem on a smaller scale. Every time you change a tiny file in your sparsebundle, 8Mb chunk of the sparsebundle needs to be sent to the server. Also, if you're using any type of file container, if you want to restore a single file from within the volume ... You can't. Your only choice is to restore the whole volume. So there are a lot of ways that it's more desirable, in terms of backups, to use WDE instead of encrypted file containers. Because then you're able to use whole-disk backup tools to perform incremental backups, and you're able to obtain a decent level of granularity and manageability.
_______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
