[gentoo-user] Secure Cloud Backup

[gentoo-user] Secure Cloud Backup

[James Broadhead]

I have a pile of files, and a personal svn repo totalling around 13GiB
which I want to back up to cheaply to 'the cloud'.  I would also like
it to be non-trivial for someone with access to the cloud servers to
decrypt my data.

I have a 50GB free account for Box.net, but would consider others if
they have significant advantages. The box.net account is only allowed
upload files of max 100MiB at a time.

Now one problem facing me is that most cloud services don't give
assurances of bit parity, so I'd like to be able to recover most of
the files if I lost my local copies and there were bits missing from
the uploaded backup. This makes the one-big-encrypted-file approach a
no-go.

My current approach is to use split-tar, with the intention of
encrypting each file separately. (Is this worse / equivalent to having
one big file with ECB ? )
http://www.informatik-vollmer.de/software/split-tar.php
...but this seems to have difficulty sticking below the 100MiB
individual file limit (possibly there are too many large files in the
svn history).

Any thoughts? I'm sure that many of you face this problem.

Re: [gentoo-user] Secure Cloud Backup

[Florian Philipp]

[-- Attachment #1: Type: text/plain, Size: 2045 bytes --]

Am 02.01.2012 22:50, schrieb James Broadhead:
> I have a pile of files, and a personal svn repo totalling around 13GiB
> which I want to back up to cheaply to 'the cloud'.  I would also like
> it to be non-trivial for someone with access to the cloud servers to
> decrypt my data.
> 
> I have a 50GB free account for Box.net, but would consider others if
> they have significant advantages. The box.net account is only allowed
> upload files of max 100MiB at a time.
> 
> Now one problem facing me is that most cloud services don't give
> assurances of bit parity, so I'd like to be able to recover most of
> the files if I lost my local copies and there were bits missing from
> the uploaded backup. This makes the one-big-encrypted-file approach a
> no-go.
> 
> My current approach is to use split-tar, with the intention of
> encrypting each file separately. (Is this worse / equivalent to having
> one big file with ECB ? )

I could be wrong but I don't think you will find any reasonable
encryption tool that only offers encryption equivalent to ECB. The
number of files should not matter as the encryption tool can use a
randomized IV with CBC.

> http://www.informatik-vollmer.de/software/split-tar.php
> ...but this seems to have difficulty sticking below the 100MiB
> individual file limit (possibly there are too many large files in the
> svn history).
> 

Why not split them further when the files are still above the 100M limit
after splitting them with that tool? split + cat should do the trick.

> Any thoughts? I'm sure that many of you face this problem.
> 

Well, I have no experience with their service (although I always planned
to use them), but maybe you can try these guys [1]. They don't have file
size limits and support everything working over ssh (including sshfs) as
well as duplicity for file encryption. Of course, having only US
locations could be a no-go depending on your legal
considerations/restrictions.

[1] http://www.rsync.net/

Regards,
Florian Philipp



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

Re: [gentoo-user] Secure Cloud Backup

[Pandu Poluan]

[-- Attachment #1: Type: text/plain, Size: 1348 bytes --]

On Jan 3, 2012 4:55 AM, "James Broadhead" <jamesbroadhead@gmail.com> wrote:
>
> I have a pile of files, and a personal svn repo totalling around 13GiB
> which I want to back up to cheaply to 'the cloud'.  I would also like
> it to be non-trivial for someone with access to the cloud servers to
> decrypt my data.
>
> I have a 50GB free account for Box.net, but would consider others if
> they have significant advantages. The box.net account is only allowed
> upload files of max 100MiB at a time.
>
> Now one problem facing me is that most cloud services don't give
> assurances of bit parity, so I'd like to be able to recover most of
> the files if I lost my local copies and there were bits missing from
> the uploaded backup. This makes the one-big-encrypted-file approach a
> no-go.
>
> My current approach is to use split-tar, with the intention of
> encrypting each file separately. (Is this worse / equivalent to having
> one big file with ECB ? )
> http://www.informatik-vollmer.de/software/split-tar.php
> ...but this seems to have difficulty sticking below the 100MiB
> individual file limit (possibly there are too many large files in the
> svn history).
>
> Any thoughts? I'm sure that many of you face this problem.
>

Make tarball.

Encrypt.

Split using split.

Protect with par2 using the -l option to limit size.

Upload.

Rgds,

[-- Attachment #2: Type: text/html, Size: 1800 bytes --]

Re: [gentoo-user] Secure Cloud Backup

[Doug Hunley]

On Mon, Jan 2, 2012 at 20:16, Florian Philipp <lists@binarywings.net> wrote:
> Well, I have no experience with their service (although I always planned
> to use them), but maybe you can try these guys [1]. They don't have file
> size limits and support everything working over ssh (including sshfs) as
> well as duplicity for file encryption. Of course, having only US
> locations could be a no-go depending on your legal
> considerations/restrictions.
>
> [1] http://www.rsync.net/

I can vouch for them. I've used them for some time and their service
is really good. I especially like their canary which lets you know if
they had to give the keys to the govt ;)

-- 
Douglas J Hunley (doug.hunley@gmail.com)
Twitter: @hunleyd                                               Web:
douglasjhunley.com
G+: http://goo.gl/sajR3