Backup Central

I've been in discussions with other people around my state about sharing
a few gigs of space with each other in a network of backup storage hosts.

We've just about gotten everything figured out except the prickly issue
of the files getting stored in the clear on the remote storage host.

After a bit of investigation, we've determined that there's really no
good way to ensure that root < at > remote_server cannot see the contents of
files on his own filesystem. This is a deal-breaker for several people.

What we've determined is that the files need to be encrypted locally
before transmitting to the remote host. IOW, the remote host would just
continue doing what it's doing without caring whether the files are
encrypted or not. We want to get rdiff-backup (or something else) to
encrypt the files before transmission, and yet still have the capability
to perform all the current duties it does.

Are there any plans to implement this in rdiff-backup in the future? If
not, are there any other methods of having this secure remote
storage/backup solution?

-Dan

begin quotation of Dan Parrish on 2004-12-08 20:28:10 -0700:

Are there any plans to implement this in rdiff-backup in the future? If
not, are there any other methods of having this secure remote
storage/backup solution?

duplicity is linked to from rdiff-backup's homepage.

On Wed, Dec 08, 2004 at 10:32:46PM -0500, Alec Berryman wrote:
begin quotation of Dan Parrish on 2004-12-08 20:28:10 -0700:
Are there any plans to implement this in rdiff-backup in the future? If
not, are there any other methods of having this secure remote
storage/backup solution?

duplicity is linked to from rdiff-backup's homepage.

duplicity, a program marked as "not stable yet", with its last release
being 15 months in the past, doesn't look like a live project.

It looks promising, but I don't think that it will be useable any time
soon.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835

Hi

On Wed, Dec 08, 2004 at 08:28:10PM -0700, Dan Parrish wrote:
After a bit of investigation, we've determined that there's really no
good way to ensure that root < at > remote_server cannot see the contents of
files on his own filesystem. This is a deal-breaker for several people.

There are some programs to overcome this problem:
- BoxBackup http://www.fluffy.co.uk/boxbackup/ (does this rather good,
is under active development and considered stable)
- DIBS http://www.csua.berkeley.edu/~emin/source_code/dibs/ (not sure
about this)

Hope that helps and have a good one

Flavio

--
http://no-way.org/~fcu/

You can play with linux cryptoapi, create a crypted filesystem on a
file on the remote host, mount it before rdiff-backup and umount it
when it has finished.
It's not completely secure (you need to transmit the key in plaintext
every time, somebody could crack the box and install a trojan mount to
save the keys used for mounting, etc, but it might work



On Wed, 08 Dec 2004 20:28:10 -0700, Dan Parrish
<deathandtaxes < at > 3lefties.com> wrote:
I've been in discussions with other people around my state about sharing
a few gigs of space with each other in a network of backup storage hosts.

We've just about gotten everything figured out except the prickly issue
of the files getting stored in the clear on the remote storage host.

After a bit of investigation, we've determined that there's really no
good way to ensure that root < at > remote_server cannot see the contents of
files on his own filesystem. This is a deal-breaker for several people.

What we've determined is that the files need to be encrypted locally
before transmitting to the remote host. IOW, the remote host would just
continue doing what it's doing without caring whether the files are
encrypted or not. We want to get rdiff-backup (or something else) to
encrypt the files before transmission, and yet still have the capability
to perform all the current duties it does.

Are there any plans to implement this in rdiff-backup in the future? If
not, are there any other methods of having this secure remote
storage/backup solution?

-Dan

_______________________________________________
rdiff-backup-users mailing list at rdiff-backup-users < at > nongnu.org
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki



--
Martin Sarsale - martin < at > malditainternet.com

I think DIBS is what you are looking for... I've used it, its pretty
sweet. If you do loopback, cryptoapi, dmcrypt stuff then the root < at >
will be able to read the files. DIBS does the encryption on the
originating side, and does a distributed backup in a really cool way.


On Wed, 08 Dec 2004 20:28:10 -0700, Dan Parrish
<deathandtaxes < at > 3lefties.com> wrote:
I've been in discussions with other people around my state about sharing
a few gigs of space with each other in a network of backup storage hosts.

We've just about gotten everything figured out except the prickly issue
of the files getting stored in the clear on the remote storage host.

After a bit of investigation, we've determined that there's really no
good way to ensure that root < at > remote_server cannot see the contents of
files on his own filesystem. This is a deal-breaker for several people.

What we've determined is that the files need to be encrypted locally
before transmitting to the remote host. IOW, the remote host would just
continue doing what it's doing without caring whether the files are
encrypted or not. We want to get rdiff-backup (or something else) to
encrypt the files before transmission, and yet still have the capability
to perform all the current duties it does.

Are there any plans to implement this in rdiff-backup in the future? If
not, are there any other methods of having this secure remote
storage/backup solution?

-Dan

_______________________________________________
rdiff-backup-users mailing list at rdiff-backup-users < at > nongnu.org
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki

http://www.fluffy.co.uk/boxbackup/

I haven't used it.

On Wed, 15 Dec 2004 16:24:39 +1100, Ryan Castle <ryan.castle < at > gmail.com> wrote:
http://www.fluffy.co.uk/boxbackup/

I haven't used it.


On Tue, 14 Dec 2004 00:19:58 -0600, micah milano <micaho < at > gmail.com> wrote:
I think DIBS is what you are looking for... I've used it, its pretty
sweet. If you do loopback, cryptoapi, dmcrypt stuff then the root < at >
will be able to read the files. DIBS does the encryption on the
originating side, and does a distributed backup in a really cool way.


On Wed, 08 Dec 2004 20:28:10 -0700, Dan Parrish
<deathandtaxes < at > 3lefties.com> wrote:
I've been in discussions with other people around my state about sharing
a few gigs of space with each other in a network of backup storage hosts.

We've just about gotten everything figured out except the prickly issue
of the files getting stored in the clear on the remote storage host.

After a bit of investigation, we've determined that there's really no
good way to ensure that root < at > remote_server cannot see the contents of
files on his own filesystem. This is a deal-breaker for several people.

What we've determined is that the files need to be encrypted locally
before transmitting to the remote host. IOW, the remote host would just
continue doing what it's doing without caring whether the files are
encrypted or not. We want to get rdiff-backup (or something else) to
encrypt the files before transmission, and yet still have the capability
to perform all the current duties it does.

Are there any plans to implement this in rdiff-backup in the future? If
not, are there any other methods of having this secure remote
storage/backup solution?

-Dan

_______________________________________________
rdiff-backup-users mailing list at rdiff-backup-users < at > nongnu.org
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki


_______________________________________________
rdiff-backup-users mailing list at rdiff-backup-users < at > nongnu.org
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki