[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cryptsetup problem

On 8/06/2014 4:06 AM, Bzzz wrote:
> On Sun, 08 Jun 2014 03:34:04 +1000
> Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> 
>> Doing a GPG backup of the closed crypt volume would not
>> compress well.  Obviously the more /real/ data there is on the
>> open crypt volume, the larger a GPG backup file will be.
> 
> Indeed, it is very bad practice to bit backup (except
> if you're a forensic)…

Sometimes you want forensic backups.... like having a USB image that is
/known/ to work for instance, or you might want to play around with
something that could risk your data and you want to be sure you can get
back to /exactly/ as it was before.  I do use snapshots though, that
helps.  Definitely don't want to do risk things without good backups,
one way or another.

>> Besides,
>> this is just for example, backing up with GPG might not be a good
>> idea (tm).  Although if you use duplicity [1], it might be an
>> excellent idea, but I don't know enough about that yet.
> 
> One backup pgm I find _very_ practical, when huge tapes
> aren't required, is BackupPC (http://backuppc.sourceforge.net/).
> You can even backup a whole Linux system.

Yep, one day I might try it out -- I use rsnapshot for backups, works
similarly, but without the web interface and I'm the only one who
touches it here.

I was using 3-way RAID1 mirrors and rotating disks, shutdown, remove
disk, startup, add replacement disk.  But not at this time, although it
may happen again soon.  Having clean backups disks off-line is safer
than having everything online.

> It compresses all files, symlink them when they haven't
> change from one backup to another, you get a nice http
> interface (no need of a http svr) where even users can
> backup/restore themselves part or all of their files,
> the way it acts allow you to keep backups for long periods
> of time, etc…

rsnapshot doesn't compress [the backups], that might be the biggest plus
-- it does use symlinks though.

> It can also use the rsync method to keep network exchanges
> quite low.

rsnapshot uses rsync and I can easily exclude ares with .rsync-filter files.

> Note: for your partition(s), using /dev/urandom isn't a problem.
>       Pseudo random generator under Linux is not that bad and
>       its output fit your needs.

Yes, but I still prefer /dev/random for more real random, even if it
blocks.  In my case, I am using /dev/random for the crypt master keys
now -- but /dev/urandom should be just as good here as well ... still,
my preference is for /better/ random ;-)


Cheers
A.
Reply to: