Re: How do I protect my "dump" sets against physical theft?

ToddAndMargo wrote:

Hi All,

I have a series of removable disks that I use to put
my "dump" backup sets on. If one of these disks gets
stolen, it will be a serious problem.

Anyone have any advice as to how to make the data
useless to any potential thief? Encryption, passwords,

Many thanks,

As someone else mentioned, you can use an encrypted file system. It works
best if you do this with /home, but if you have important data on other file
systems you might find that it works acceptably.

There are several solutions for automatic encryption of data written to the
disk. There can be some concerns with these. If you do an upgrade it's
really best to export a tar/pax archive beforehand, and encrypt that
tarball, so that if there is a problem with dm-crypt or something else, you
can recover your data.

You can encrypt files with the openssl utility. It supports a variety of
encryption algorithms.

Here is a script that should work for encryption:


#!/bin/sh
openssl enc -aes-256-cbc -salt -in "$1" -out "$2"

Here is a decryption script:


#!/bin/sh
openssl enc -d -aes-256-cbc -salt -in "$1" -out "$2"

There are also hardware crypto devices you can get to offload the cost of
encryption. In general the average desktop usage of a disk wouldn't require
a hardware crypto device or crypto accelerator.

You may also find it useful to use an encrypted swap file, depending on your
setup, and paranoia. :-)
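
An added example, not part of the original post: the tarball-then-encrypt approach described above, streamed through openssl enc and followed by a test restore, so a backup that cannot be decrypted is caught before the removable disk is the only copy. The function names, the passphrase file, and the use of -pbkdf2 (which needs OpenSSL 1.1.1 or newer) are assumptions of this example.

```shell
#!/bin/sh
# Added example: encrypt a tar archive of a directory with openssl enc and
# prove that it restores before relying on it.
# Assumptions (not from the post): the passphrase lives in a file readable
# only by the backup user, and OpenSSL is 1.1.1 or newer (for -pbkdf2).

# encrypt_dir SRC_DIR OUT_FILE PASSFILE
# Streams the archive straight into openssl so no plaintext tarball is
# ever written to disk.
encrypt_dir() {
    tar -cf - -C "$1" . |
        openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$3" -out "$2"
}

# decrypt_to ENC_FILE DEST_DIR PASSFILE
decrypt_to() {
    mkdir -p "$2" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" |
        tar -xf - -C "$2"
}

# verify_backup SRC_DIR ENC_FILE PASSFILE
# Restores into a scratch directory and compares it with the source tree.
# Returns non-zero on a wrong passphrase, a damaged file, or any difference.
verify_backup() {
    scratch=$(mktemp -d) || return 1
    decrypt_to "$2" "$scratch" "$3" && diff -r "$1" "$scratch" >/dev/null
    rc=$?
    rm -rf "$scratch"
    return "$rc"
}
```

Reading the passphrase from a file keeps it out of the process list and shell history, which a -k or -pass pass: argument would not.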


