On Sat, Jan 2, 2010 at 12:04 AM, Edward Ned Harvey <[email protected]> wrote:
> Normally, I love Truecrypt, but there are two specific obstacles for now …
>
> #1 It seems, in Linux, Truecrypt can’t create a sparse file container
> volume. You’re required to allocate the whole volume at creation time. Are
> you guys using Truecrypt in Linux, or would you recommend something else?

You cannot securely use a sparse file because the whole point of Truecrypt is to make the encrypted container look like a big blob of noise. If you were able to make a sparse file, anyone would be able to tell where the data was (because it would take up real space on the disk). This defeats a large part of the purpose for using Truecrypt.

> #2 Regardless of platform, Truecrypt stores the volume in a single file.
> They say this provides improved security as compared to a bunch of smaller
> files with timestamps that update as they’re modified (ala sparsebundle) …
> But the sparsebundle approach has one major advantage. You’re able to
> simply run incremental backup software on your hard drive, and your
> encrypted volume will be correctly backed up as efficiently as possible
> (only backing up the various 8M chunks that were modified.) … Unfortunately
> backing up Truecrypt volumes can be difficult, because they’re huge, and
> non-segmented. You’ve got to backup the entire volume every time.
>
> Does anybody have any suggestions to solve either of these two problems, or
> recommend a different product instead of TrueCrypt?
>
> Thanks…

I also wish you could break files into smaller chunks, but if you are performing your backups with something like rsync, it would only transfer the parts of the file that changed. I think there are other tools, like rdiff-backup, that let you more easily save just the parts that changed, like an incremental backup. However, doing that would also provide some kind of weakness, as an attacker could analyze the backup and deduce which areas contain data that changed more frequently.

Otherwise, you could split the container file into a temp directory and then back that up. I think you'd probably find that would allow you to find only the areas that changed. You might need to write a custom script to handle the backup. It's not ideal, but that's how it goes when you start getting into encryption and high security.
_______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
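The "split the container into a temp directory and back that up" idea from the reply above, written out as a working script. This is an added example, not code from the thread or from TrueCrypt: it cuts the monolithic container into fixed-size chunks, hashes each chunk, copies only chunks whose hash differs from the previous run's manifest, prunes chunks that no longer exist if the container shrank, and can reassemble the container from the backup. The chunk size (8 MiB, echoing the sparsebundle band size mentioned in the thread), the `chunk.NNNNN` naming and the `manifest.sha256` file are my choices; it assumes a POSIX sh with dd, sha256sum, grep, cut and basename. Dismount the volume before running it so the chunks form a consistent snapshot. Note that the manifest itself is the weakness the reply describes: anyone holding the backup history can see which regions of the ciphertext change and how often.

```shell
#!/bin/sh
# Chunked incremental backup of a monolithic (TrueCrypt-style) container file.
# Example code, not TrueCrypt's own tooling. Assumes POSIX sh with dd,
# sha256sum, grep, cut and basename. Dismount the volume before running.

# Chunk size in bytes (8 MiB by default); override for testing.
: "${CHUNK_BYTES:=8388608}"

# file_sha256 FILE: print the hex SHA-256 of FILE.
file_sha256() {
  sha256sum "$1" | cut -d' ' -f1
}

# split_container CONTAINER WORKDIR
# Cuts CONTAINER into WORKDIR/chunk.00000, chunk.00001, ... (zero padded so a
# plain glob lists them in order) and prints the number of chunks written.
split_container() {
  container=$1 workdir=$2
  mkdir -p "$workdir"
  rm -f "$workdir"/chunk.*
  size=$(wc -c < "$container")
  n=$(( (size + CHUNK_BYTES - 1) / CHUNK_BYTES ))   # ceiling division
  i=0
  while [ "$i" -lt "$n" ]; do
    dd if="$container" of="$workdir/$(printf 'chunk.%05d' "$i")" \
       bs="$CHUNK_BYTES" skip="$i" count=1 2>/dev/null
    i=$((i + 1))
  done
  echo "$n"
}

# backup_changed WORKDIR BACKUPDIR
# Copies every chunk whose SHA-256 differs from BACKUPDIR/manifest.sha256,
# removes backed-up chunks that no longer exist, rewrites the manifest and
# prints how many chunks were copied (the incremental transfer volume).
backup_changed() {
  workdir=$1 backupdir=$2
  mkdir -p "$backupdir"
  manifest=$backupdir/manifest.sha256
  [ -f "$manifest" ] || : > "$manifest"
  : > "$manifest.new"
  copied=0
  for f in "$workdir"/chunk.*; do
    name=$(basename "$f")
    sum=$(file_sha256 "$f")
    old=$(grep " $name\$" "$manifest" | cut -d' ' -f1 || true)
    if [ "$sum" != "$old" ]; then
      cp "$f" "$backupdir/$name"
      copied=$((copied + 1))
    fi
    printf '%s %s\n' "$sum" "$name" >> "$manifest.new"
  done
  # Drop stale chunks (container shrank) so a restore reproduces the file exactly.
  for f in "$backupdir"/chunk.*; do
    [ -e "$f" ] || continue
    grep -q " $(basename "$f")\$" "$manifest.new" || rm -f "$f"
  done
  mv "$manifest.new" "$manifest"
  echo "$copied"
}

# restore_container BACKUPDIR OUTFILE
# Reassembles the container from the backed-up chunks in name order.
restore_container() {
  cat "$1"/chunk.* > "$2"
}

# Typical use (container must be dismounted):
#   split_container /srv/vault.tc /tmp/vault-chunks
#   backup_changed  /tmp/vault-chunks /mnt/backup/vault
#   restore_container /mnt/backup/vault /srv/vault-restored.tc
```

Running it twice with one byte changed in the container copies exactly one chunk the second time, which is the rsync-like saving the reply is after, at the cost of the manifest revealing the change pattern. Point `WORKDIR` at a tmpfs or encrypted scratch area so plaintext-free but still sensitive chunk copies do not linger on disk.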
