Looked at this myself. It depends on whether you trust the remote
machine. They could just replace the encfs command, get your password
and read your data.
On Monday 29 December 2008 13:49:11 Dominic wrote:
... But I don't understand why it is not secure to use
encfs directly on the third party remote server (assuming that it is
available of course)? Something like this (sorry this is from a Windows
client hence use of plink and unusual escapes):
rdiff-backup --remote-schema "plink.exe -ssh -i mykey.ppk %s echo
""S3cr3tP4s5w0rd""^| encfs -S ~/archives-enc/ ~/archives/; rdiff-backup
--server; fusermount -u ~/archives/" "C:/Documents and Settings/Dominic/My
Documents" u...@server::~/archives/mydocs;
My idea is that this will first mount the encrypted directory
(~/archives-enc/) so that it can be read and written to unencrypted (as
~/archives/), then run rdiff-backup into this directory, then unmount so
that thereafter the data can only be seen encrypted - unless you have the
password.
Of course this way we have sent the password to the remote server, but we
have done so using ssh and I don't think this can be sniffed or found by
the server's system administrator (it is not saved in .bash_history) - or
can it be?
Well, assuming it works, that solution will theoreticly give the sysadmin in
question access to all your data. In the space between where your ssh-session
ends and your encfs begins all your data, as well as your encfs-password,
will exist in the servers memory.
If this is a purely theoretical danger or a real threat most likely depends on
what sysadmin you are dealing with, the sensitivity of the data, etc.
------------------------------------------------------------------------
_______________________________________________
rdiff-backup-users mailing list at [email protected]
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
_______________________________________________
rdiff-backup-users mailing list at [email protected]
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
