[ExI] Computer Backups

Khaled Aly ka.aly at luxsci.net
Fri Nov 30 22:39:23 UTC 2007


> Eugen Leitl wrote:

> You have either to use a server-side cryptographic filesystem,
> or encrypt everything client-side and/or push it out via a VPN.
>   
Server side is fine if you can ensure that the way your private key is 
constructed strictly and trustfully occurs on your machine. I have 
verified one provider, somehow I got to ensure their algorithm is true. 
If you're speaking IPSec VPN, it should not matter if the content is 
already in crypt, provided the algorithm is trusted (like what's https 
vs. shtml).

> It has to be offsite, though, orelse the secondary/backup failure would
> be causally entangled with whatever nuked your primary system (fire,
> lightning, thieves, SWAT, etc.).
>   
Sure. Depends on the required capacity and environment (personal or 
pro). All of us ultimately prefer to keep their wallets and key chains 
inside their pockets, or close to their sight. But the car, we can only 
leave it in the garage, or the street if the first is unavailable. Then 
it's open to trust or whatever!

>>    most and only need that); or using a recognizable desktop software
>>    like "Acronis" (but then you store one or more 'coded' archive files,
>>    and you're only sure upon your first restoration), or just simply
>>    doing a delete-copy-paste-etc. (most aggravating and disk consuming
>>    but also assuring as you get to see your files). You can also backup
>>    using a mass storage email service like gmail. Just protect your
>>     
>
> On another list this caused a (temporary?) account suspension due
> to violation of terms of use. Since gmail now offers you both
> POP3 and IMAP I suggest y'all use it, if you use for more than
> a sacrificial porn stash.
>   
Please tell what exactly caused that so I could learn and pay attention, 
did you mean promotion of a product, I almost started to disclaim that 
but then I disregarded it. Several commercial names were quoted in the 
thread. You really should, as a heartily voted moderator, tell what 
should be avoided on a mail list in such occasion.

What's different to you w.r.t. security among anything without 's', 
while even that does not guarantee absolute but it gives you a start 
point that it can only broken by a professional if feasible.
>>    private data 'best' with PGP before submitting it to third parties.
>>     
>
> Apropos of nothing, fabricating MD5 collisions at least for Adobe
> Acrobat (.pdf) documents is trivial now (takes a bit 'o crunch
> on a single PS3).
>   

PGP gives you the choice of algorithms and key lengths (256, may be 
512/1024-bit). Chances of cracking crypt reduces highly exponentially 
with key length as you sure know. When you encrypt a whole volume, the 
content is mixed and not just pdf or else. Please elaborate if you got 
more or contra on this. After all, we assume the attacker has limited 
resources.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20071201/2f793576/attachment.html>


More information about the extropy-chat mailing list