Re: cryptsetup problem
On 8/06/2014 4:06 AM, Bzzz wrote:
> On Sun, 08 Jun 2014 03:34:04 +1000
> Andrew McGlashan <email@example.com> wrote:
>> Doing a GPG backup of the closed crypt volume would not
>> compress well. Obviously the more /real/ data there is on the
>> open crypt volume, the larger a GPG backup file will be.
> Indeed, it is very bad practice to bit backup (except
> if you're a forensic)…
Sometimes you want forensic backups.... like having a USB image that is
/known/ to work for instance, or you might want to play around with
something that could risk your data and you want to be sure you can get
back to /exactly/ as it was before. I do use snapshots though, that
helps. Definitely don't want to do risk things without good backups,
one way or another.
>> this is just for example, backing up with GPG might not be a good
>> idea (tm). Although if you use duplicity , it might be an
>> excellent idea, but I don't know enough about that yet.
> One backup pgm I find _very_ practical, when huge tapes
> aren't required, is BackupPC (http://backuppc.sourceforge.net/).
> You can even backup a whole Linux system.
Yep, one day I might try it out -- I use rsnapshot for backups, works
similarly, but without the web interface and I'm the only one who
touches it here.
I was using 3-way RAID1 mirrors and rotating disks, shutdown, remove
disk, startup, add replacement disk. But not at this time, although it
may happen again soon. Having clean backups disks off-line is safer
than having everything online.
> It compresses all files, symlink them when they haven't
> change from one backup to another, you get a nice http
> interface (no need of a http svr) where even users can
> backup/restore themselves part or all of their files,
> the way it acts allow you to keep backups for long periods
> of time, etc…
rsnapshot doesn't compress [the backups], that might be the biggest plus
-- it does use symlinks though.
> It can also use the rsync method to keep network exchanges
> quite low.
rsnapshot uses rsync and I can easily exclude ares with .rsync-filter files.
> Note: for your partition(s), using /dev/urandom isn't a problem.
> Pseudo random generator under Linux is not that bad and
> its output fit your needs.
Yes, but I still prefer /dev/random for more real random, even if it
blocks. In my case, I am using /dev/random for the crypt master keys
now -- but /dev/urandom should be just as good here as well ... still,
my preference is for /better/ random ;-)