Re: What is rsyncrypto good for?

[Shachar Shemesh]

  
  

On 09/11/2019 16:37, h...@ancell-ent.com
  wrote:


  
  
  
  I see three issues:
  
  
  
  Encrypting your files makes it
more likely you'll totally lose them by losing the encryption
keys.  After a successful natural disaster caused recovery of
rsyncrypto encrypted files, I decided what I was storing was not
sensitive enough to justify that danger.
  

I think that's the only point you made I actually disagree with.
  Rsyncrypto was built so that you can recover your entire data set
  using a single private key that need not be updated. Just make
  sure you store that securely (say, on a DoK in a safe, or
  whatever), and you can lose the entire local data and still
  recover everything.


You can even post the private key, password protected, to the
  same place you back everything else up.


  
  
  Not having an on the fly mode ...

  

but, on the other hand

  
  
  To where do you backup your data
offsite?  rsync.net is great, but relatively expensive at rest
compared to object store cloud offerings like AWS S3's lower
classes and Glacier, Backblaze B2, Azure's archival offerings,
etc.  Rclone would appear to be the equivalent program for
those, with its own limitations, including greater bandwidth
use.
  

But on the fly mode would, pretty much by necessity, be
  incompatible with current rsync. This means that even fewer backup
  providers would be eligible.


When originally written, rsyncrypto was meant to be the
  technological side of a backup service I intended on running. On
  the fly would have been acceptable there (but would have reduced
  its usability to everyone else). The power of open source is that
  the technology lives on where the business has failed, but I guess
  even that has its own limits.


  
  
  Ah, that brings up a 4th:
rsync/rsyncrypto shines for files that have small portions
changing, like log files, but today for many if not most users
that's minuscule compared to media files that don't get
changed.  Compare to people with only a few computers to back up
not finding deduplication compelling, because storage and
bandwidth costs and capacities have changed so much.
  
  
  

Like I said, the world has moved on. I accept it. It's why you're
  not seeing new versions coming out.


Shachar
  


___
Rsyncrypto-devel mailing list
Rsyncrypto-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsyncrypto-devel

Re: What is rsyncrypto good for?

[David Diepenbrock]

Thanks so much for the thoughtful response.  The extra time to re-encrypt
everything locally is not a big problem for me, so I will keep in mind your
workaround should I find my fuse-based solution unworkable.  I do agree
with your assessment of many of the backup solutions that perform snapshots
and only transfer those snapshots off site.

As for my needs, I started looking at encfs, and ended up with gocryptfs.
Both are FUSE based tools and both offer a "reverse" mode which makes it
possible to create an encrypted file-by-file view of my unencrypted backup
directory to feed into rsync to replicate offsite. Thus, I don't have any
issue with snapshots and infinite growth, it is a rather direct drop-in
replacement for rsyncrypto.  The only disadvantage I see to gocryptfs is
that a change to any file will likely result in the whole file being copied
during rsync because of the encryption algorithm used.  However, for files
where only a small part of them would change they tend to be small enough
that this should be rather minor.  Larger files in my particular use are
almost always static.

Another potential advantage of gocryptfs is I can create an unencrypted
view of the backup to recover individual files:  sshfs mount the offsite
backup drive, then gocryptfs (in non-reverse mode) to create a unencrypted
view of the encrypted backup.  I would do this for a full recovery, but it
could come in handy to access a single file.

I say these things not to poo-poo on rsyncrypto, it is a great project and
I used it successfully for many years.  But instead to suggest that the use
of FUSE to create encrypted / non-encrypted views of source data is, I
think, superior to taking a file and producing an encrypted/unencrypted
copy of the file and in-line with the Unix philosophy of single-purpose
tools.  If I were to put work into a new release of rsyncrypto I would move
in the direction of a FUSE approach like encfs and gocryptfs but improve by
using the rsync-friendly encryption techniques that makes rsyncrypto shine.

Best,
David Diepenbrock

On Sat, Nov 9, 2019 at 8:00 AM Shachar Shemesh  wrote:

>
> On 08/11/2019 19:00, David Diepenbrock wrote:
>
> I may have discovered another bug, and I apologize in advance for not
> digging into it more, and for polluting this thread.  When I ran on top of
> my rather old encrypted copy, after compiling with the delete bug fixed, I
> noticed that the size was *significantly* larger than it should be, on the
> order of double or more what I was expecting.  Now I had cleaned out the
> source dir quite a bit, so I suspect that not everything was properly
> deleted.  A quick check at the file counts showed the encrypted directory
> had nearly 4x the file count of the source dir.
>
> That may be a bug, indeed. I'll try to have a look at it.
>
>
> With that said, please note that there is a very easy work around. Just
> delete all of the encrypted files, leaving only the key files (which are
> very small), and then re-encrypt your data. You will have just the relevant
> files, and they will still be rsyncable.
>
>
> Unfortunately, this made it a no-go for me to resume using rsyncrypto.
> For now I've migrated to using a fuse encrypted filesystem
> instead (gocryptfs in my case, since I needed something with reverse mode
> for feeding into rsync).  With the fuse option it means I don't need to
> preserve an encrypted copy of the data on disk, which rather significantly
> outweighs any of the drawbacks.  As such, I can't see myself moving back to
> rsyncrypto anytime soon, unless someone can point out something I might be
> missing?
>
> Here's what my understanding of how Fuse based solutions work. The file
> system keeps track over what changed, encrypts the delta, and sends it
> over. This keeps the changes small and gives you, in many cases, bandwidth
> efficiency similar to rsyncrypto[1].
>
>
> Here's this system's down side. Personally, I find this down side so bad
> as to make the system unworkable, but most people don't seem to care: You
> can never free space on the back up storage device. Every single
> intermediate backup is potentially crucial for correct restore. There are
> two ways, and only two ways, to keep your system up to date. Either resign
> yourself to your remote backup folder getting bigger and bigger as time
> moves on, or periodically re-sync the whole data set. For a system designed
> to keep bandwidth low, I find it unacceptable.
>
>
> When I say this to people, the common answer is that neither bandwidth nor
> storage are that expensive these days[2]. I find this answer near-sighted,
> as it only views the "backup" side of the equation. There is a very serious
> "restore" side to consider.
>
>
> Encrypted backup should, ideally, have just one "single point of failure"
> point, which is the encryption key (for rsyncrypto, even that's not true:
> you store the symmetric key locally in the key files, and you have your RSA
> master key). Fuse based solutions have 

Re: What is rsyncrypto good for?

[hga]

> From: Shachar Shemesh 
> Date: Saturday, November 09, 2019 7:59 AM
> 
> [...]
> 
> In summary: I have moved on. People are not interested in what rsyncrypto has 
> to offer, and I accept that. I wish I understood that, however, as it seems 
> to me to be a genuinely superior solution (though, admittedly, more clunky) 
> to what people are actually choosing.
> 

> Rsyncrypto can be made better. The file name can be stored, encrypted, inside 
> the file to allow recovering the file map. I could think of a system that 
> would integrate rsyncrypto and rsync, so that the files could be encrypted on 
> the fly, saving local storage. I don't think those will change rsyncrypto's 
> adoption in any significant ways, so I don't spend my time on them.

> 

> Shachar


I see three issues:

Encrypting your files makes it more likely you'll totally lose them by losing 
the encryption keys. After a successful natural disaster caused recovery of 
rsyncrypto encrypted files, I decided what I was storing was not sensitive 
enough to justify that danger.

Not having an on the fly mode ... it can be viewed as an additional backup for 
your data, but otherwise it's a pretty big deal if you have a lot to backup up. 
And high capacity disk drives are now engineered with heads so close to 
surfaces that they come with yearly maximum total reading and writing budgets, 
which are quite modest compared to the capacities drives are getting up to. 
Unless you use an "already am backing it up, and size and date modified have 
not changed" heuristic, reading the entirety of the files every day is *bad*.

To where do you backup your data offsite? rsync.net is great, but relatively 
expensive at rest compared to object store cloud offerings like AWS S3's lower 
classes and Glacier, Backblaze B2, Azure's archival offerings, etc. Rclone 
would appear to be the equivalent program for those, with its own limitations, 
including greater bandwidth use.

Ah, that brings up a 4th: rsync/rsyncrypto shines for files that have small 
portions changing, like log files, but today for many if not most users that's 
minuscule compared to media files that don't get changed. Compare to people 
with only a few computers to back up not finding deduplication compelling, 
because storage and bandwidth costs and capacities have changed so much.

- Harold___
Rsyncrypto-devel mailing list
Rsyncrypto-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsyncrypto-devel