From owner-freebsd-questions@FreeBSD.ORG Mon May 18 13:58:36 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CCC35106568B for ; Mon, 18 May 2009 13:58:36 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (gizmo.acns.msu.edu [35.8.1.43]) by mx1.freebsd.org (Postfix) with ESMTP id 7AFE58FC1A for ; Mon, 18 May 2009 13:58:36 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (localhost [127.0.0.1]) by gizmo.acns.msu.edu (8.13.6/8.13.6) with ESMTP id n4IDvBs2099461; Mon, 18 May 2009 09:57:11 -0400 (EDT) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: (from jerrymc@localhost) by gizmo.acns.msu.edu (8.13.6/8.13.6/Submit) id n4IDvBXo099460; Mon, 18 May 2009 09:57:11 -0400 (EDT) (envelope-from jerrymc) Date: Mon, 18 May 2009 09:57:11 -0400 From: Jerry McAllister To: Kelly Jones Message-ID: <20090518135711.GB99336@gizmo.acns.msu.edu> References: <26face530905170912m3ca8b762nd0cfadc7db34da6f@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <26face530905170912m3ca8b762nd0cfadc7db34da6f@mail.gmail.com> User-Agent: Mutt/1.4.2.2i Cc: freebsd-questions@freebsd.org Subject: Re: Backing up FreeBSD and other Unix systems securely X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 May 2009 13:58:37 -0000 On Sun, May 17, 2009 at 09:12:57AM -0700, Kelly Jones wrote: > I tried using Mozy for backups because they offer unlimited space, but > 1) they don't support FreeBSD, 2) they encrypt file contents, but NOT > file names, and 3) they don't do true versioned backups. Easy > workaround for 1): rsync to a Mac/Windows and backup from there, but > 2) and 3) are more difficult. Is there any possibility of using your own media locally - such as tape or a large USB attached disk? If security is such a primary concern, I can't see sending the data to that type of offsite thing. Get a couple of large USB SATAs and use dump(8) to back the stuff up on them. Write them encrypted if you need. ////jerry > > My plan: > > % Use "dd if=/dev/random of=mykey" to create a random blowfish key > > % Blowfish encrypt mykey with a passphrase only I know. Backup the > encrypted blowfish key to a remote host. > > % Keep track of when I last ran the backup program ("touch > /some/path/timestamp" at start of run) and only backup files that've > been modified more recently ("find / -newer /some/path/timestamp"). > > % To backup "foo.txt", first bzip2 it and encrypt w/ my blowfish key. > > % Then, take the sha1 hash of the bzip'd/encrypted file, and backup > foo.txt to remotehost:/some/path/{sha1 hash}. > > % To avoid too many files in one dir, I may backup > b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 to > remotehost:/some/path/b0/d0/a7/b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 > for example. > > % In an SQLite3 db, record the filename I'm backing up, its > timestamp, and its bzip'd/encrypted hash. Store an encrypted copy of > the db on the remote server. > > I like this plan because it does versioned backups, and doesn't backup > identical files twice. I dislike it because I lose Mozy's unlimited > disk space. > > Questions: > > % Does this plan seem secure and reasonable? > > % Will backing up the 0-byte file this way make it easy to guess my > blowfish key? > > % Is there software that already does this? > > % Can this plan be improved? > > > % Does anyone offer unlimited space for Unix backups? > (safesnaps.com????) > > % Any general thoughts/comments on this plan? > > -- > We're just a Bunch Of Regular Guys, a collective group that's trying > to understand and assimilate technology. We feel that resistance to > new ideas and technology is unwise and ultimately futile. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"