On Monday 29 December 2008 13:49:11 Dominic wrote: > ... But I don't understand why it is not secure to use > encfs directly on the third party remote server (assuming that it is > available of course)? Something like this (sorry this is from a Windows > client hence use of plink and unusual escapes): > > rdiff-backup --remote-schema "plink.exe -ssh -i mykey.ppk %s echo > ""S3cr3tP4s5w0rd""^| encfs -S ~/archives-enc/ ~/archives/; rdiff-backup > --server; fusermount -u ~/archives/" "C:/Documents and Settings/Dominic/My > Documents" u...@server::~/archives/mydocs;
> My idea is that this will first mount the encrypted directory > (~/archives-enc/) so that it can be read and written to unencrypted (as > ~/archives/), then run rdiff-backup into this directory, then unmount so > that thereafter the data can only be seen encrypted - unless you have the > password. > > Of course this way we have sent the password to the remote server, but we > have done so using ssh and I don't think this can be sniffed or found by > the server's system administrator (it is not saved in .bash_history) - or > can it be? Well, assuming it works, that solution will theoreticly give the sysadmin in question access to all your data. In the space between where your ssh-session ends and your encfs begins all your data, as well as your encfs-password, will exist in the servers memory. If this is a purely theoretical danger or a real threat most likely depends on what sysadmin you are dealing with, the sensitivity of the data, etc. -- Andreas Olsson http://www.andreasolsson.se/
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ rdiff-backup-users mailing list at [email protected] http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
