From: Kelly Jones
To: freebsd-questions@freebsd.org
Date: Sun, 17 May 2009 09:12:57 -0700
Message-ID: <26face530905170912m3ca8b762nd0cfadc7db34da6f@mail.gmail.com>
Subject: Backing up FreeBSD and other Unix systems securely

I tried using Mozy for backups because they offer unlimited space, but 1) they don't support FreeBSD, 2) they encrypt file contents, but NOT file names, and 3) they don't do true versioned backups.

Easy workaround for 1): rsync to a Mac/Windows and back up from there, but 2) and 3) are more difficult.

My plan:

% Use "dd if=/dev/random of=mykey" to create a random blowfish key

% Blowfish encrypt mykey with a passphrase only I know. Back up the encrypted blowfish key to a remote host.

% Keep track of when I last ran the backup program ("touch /some/path/timestamp" at start of run) and only back up files that've been modified more recently ("find / -newer /some/path/timestamp").

% To back up "foo.txt", first bzip2 it and encrypt w/ my blowfish key.

% Then, take the sha1 hash of the bzip'd/encrypted file, and back up foo.txt to remotehost:/some/path/{sha1 hash}.

% To avoid too many files in one dir, I may back up b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 to remotehost:/some/path/b0/d0/a7/b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 for example.

% In an SQLite3 db, record the filename I'm backing up, its timestamp, and its bzip'd/encrypted hash. Store an encrypted copy of the db on the remote server.

I like this plan because it does versioned backups, and doesn't back up identical files twice. I dislike it because I lose Mozy's unlimited disk space.

Questions:

% Does this plan seem secure and reasonable?

% Will backing up the 0-byte file this way make it easy to guess my blowfish key?

% Is there software that already does this?

% Can this plan be improved?

% Does anyone offer unlimited space for Unix backups? (safesnaps.com????)

% Any general thoughts/comments on this plan?

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying to understand and assimilate technology. We feel that resistance to new ideas and technology is unwise and ultimately futile.
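
An added example (not part of the original message): the plan's hash-named storage and SQLite catalog in Python, showing that deduplication by ciphertext hash only works when the encryption step is deterministic, and that identical files, including the 0-byte file, then map to the same remote name. Assumptions: an HMAC-SHA256 keystream stands in for Blowfish, a dict stands in for remotehost, the catalog is an in-memory table, and all function names are hypothetical.

```python
import bz2
import hashlib
import hmac
import os
import sqlite3

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in for the Blowfish step).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, data, deterministic=True):
    # Deterministic mode derives the nonce from the data, so equal files give
    # equal ciphertext; random mode gives a fresh ciphertext on every run.
    nonce = (hmac.new(key, b"iv" + data, hashlib.sha256).digest()[:16]
             if deterministic else os.urandom(16))
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def shard_path(root, digest):
    # b0d0a7... -> root/b0/d0/a7/b0d0a7..., the layout given in the message
    return "/".join((root, digest[:2], digest[2:4], digest[4:6], digest))

def open_catalog():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE catalog (filename TEXT, mtime INTEGER, sha1 TEXT)")
    return db

def backup(db, store, key, filename, mtime, content, deterministic=True):
    """Back up one file version; returns (remote_path, uploaded)."""
    blob = encrypt(key, bz2.compress(content), deterministic)
    digest = hashlib.sha1(blob).hexdigest()
    path = shard_path("/some/path", digest)
    uploaded = path not in store      # an identical blob is already stored
    store.setdefault(path, blob)      # dict stands in for remotehost
    db.execute("INSERT INTO catalog VALUES (?, ?, ?)", (filename, mtime, digest))
    return path, uploaded

def restore(store, key, path):
    return bz2.decompress(decrypt(key, store[path]))
```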