Re: I got a good security one more ya.



On Friday 31 March 2006 18:49, Kent Borg wrote:
> If you do have a good key and encryption, if you lose your key,
> you are completely hosed.  There is no key recovery if you have
> a secure system.

Yep. That's the point :-)

Disclaimer 1: I have not experimented with corrupting encrypted data
and seeing what happens and how lethal it is. It might not be as bad
as I suggest, or it might be worse.

Some time ago I started to use external USB enclosures with IDE disks as
backup devices. (Yeah, I know, but this is better than nothing anyway :-)
The enclosures are "rotated" according to the usual backup scheme. Only one
of these devices is near the backup source at any one time; the rest of them
are kept off-site. Files on the enclosure disks are synced with the original
ones using a group of rsync commands. The file system is XFS, encrypted by
the AES method with a 1024 bit key. (This was done in another distro but
probably there are no big differences).

Naturally I wanted to know what would happen if, for example, the USB cable
were suddenly pulled out in the middle of a big write. So I did try that :-)
because in the worst case I would simply have to re-format the drive and
re-write the info, which is available. Sure, my 3 attempts cannot count as a
"scientific experiment" but they give some impression anyway. All three
times, after a re-boot (to get rid of any buffered info) and re-connecting
the enclosure, I was able to mount it read-only and get off all files except
the one which was being written when the USB cable was pulled out. One of my
colleagues, who made a similar experiment, in one case could not mount the
disk and therefore could not get anything out because of the encryption. In
all cases the specific XFS utility programs could not do anything to repair
the file system, so I had to re-format the partition and write all the info
that should be there.

Encrypted file systems can be used quite easily, but people should really
understand that, exactly because of good encryption, it would be impossible
to decrypt the info when the key is lost. Any tech glitch can also lead to
inaccessibility of the info.

But hey, we all make regular backups, don't we? :-)

Harijs
