On Thu, Oct 30, 2008 at 08:38:16AM +0100, Guido Tschakert wrote: > Douglas A. Tutty schrieb: > > On Wed, Oct 29, 2008 at 09:09:20PM -0500, patric conant wrote: > >> I'm confused, the encrypted volume cannot be backed up without a key? > > > > Sure, I could backup the encrypted volume. However, I'd rather back the > > data up as an unencrypted directory along with everything else. > > And then someone steals your backup.
I pipe the backup through openssl anyway. > Wouldn't it be more sophisticated, to secure the physical access (lock > up the door, some security on the windows (the real one, not that crap > from MS), if any) to the system and encrypt the backup (public-key comes > to my mind). As mostly backup will be done on external media (DVD, CD, > Tape, USB-Harddrives) Physical access to the apartment is as secure as possible given the lease (which is what is prompting this thread). As for the backup media, the total size of the backup set is about 50 GB and for off-site I want it to fit in the bank's small safety deposit box (CDs don't fit) so I'm thinking about using LTO-1 (LTO's will fit and LTO-1 is slow enough that a single IDE drive in a P-133 box should be able to keep it fed). This is a separate issue that I don't want to confuse the thread with. > It always depends on how paranoid you are (and as I remember you are > more paranoid then the average ;-) ), how secret your data is. > > I don't know what's involved in e.g. restoring an accidentally deleted > > file from within an encrypted volume. I guess I'd treat it like a > > tarball in that its a file, mount it somewhere using the usual key and > > retreive the file, mount the user's encrypted volume and copy the file > > back where it belongs. > > > > Its likely that its me that's confused. Since what I'm contemplating > > doesn't seem to be mainstream, I'm assuming that backup and restore > > procedures aren't mainstream (e.g. have the kinks worked out) either. > > That assumption could be invalid.
