Re: how to backup to an encrypted usb drive?

To: debian-user@lists.debian.org
Subject: Re: how to backup to an encrypted usb drive?
From: Lee <ler762@gmail.com>
Date: Wed, 14 Nov 2018 12:52:57 -0500
Message-id: <[🔎] CAD8GWsvqV1Fv-s=O4h_mKCVU2q=Z0RnVB1tewH2HPaNOzyJvHA@mail.gmail.com>
In-reply-to: <[🔎] E1gMy9t-0001dV-8H@enotuniq.net>
References: <[🔎] CAD8GWssJoEp6xzfKk+NNoDbG6WHtJqDrcwAK6PQeyzUFnAXkvA@mail.gmail.com> <[🔎] E1gMwmJ-0001Ym-GE@enotuniq.net> <[🔎] CAD8GWsvhr-VTAt0OSUR8g6VtGCS+SMuQ4npMUPDvGG3SC=NCsQ@mail.gmail.com> <[🔎] E1gMy9t-0001dV-8H@enotuniq.net>

On 11/14/18, Reco <recoverym4n@enotuniq.net> wrote:
> On Wed, Nov 14, 2018 at 10:50:44AM -0500, Lee wrote:
>> On 11/14/18, Reco <recoverym4n@enotuniq.net> wrote:
>> > 	Hi.
>> >
>> > On Wed, Nov 14, 2018 at 10:01:38AM -0500, Lee wrote:
>> >> What are you using to backup your files to an encrypted usb drive?
>> >
>> > For the backup itself - dump(8) or xfsdump(8) (filesystem dependent).
>>
>> Which seems to require restore or xfsrestore?
>
> Precisely.
>
>
>> https://linux.die.net/man/8/xfsdump
>>   The media format used by xfsdump can only be understood by xfsrestore.
>> I can't tell from a quick look at dump/restore if I can look at files
>> on the backup media or not
>
> No, you do not. You'll need restore/xfsrestore first.
> The whole purpose of a good filesystem backup is to capture all
> file/directory attributes (which include, but aren't limited to POSIX
> permissions, POSIX ACLs, SELinux labels, capability labels, extended
> attributes to name a few). That's where dump/xfsdump guarantee you to
> capture anything that a filesystem supports.
>
> If you're content with losing all this metadata in your backup - there
> are rsync, cpio or tar. Or all those 'backup solutions' based on those.

Do I need all that metadata?  This is for me at home so it's pretty
much a single user machine.

>> > For the encryption of this hypothetical drive (I don't use USB drives
>> > for these purposes) - luks only.
>>
>> Why don't you like USB drives for these purposes?
>
> Because backing up something to NFS share is easier.

but leaves you open to cryptolocker ransomware & various 'oh shit!'
moments when I do something stupid.  Offline & offsite is worth a
certain amount of inconvenience to me.

> And, I'm strong believer of 'machine works, human thinks' principle.
> Automating backups to NFS (and replicating them from there) is simple.
> Automating backup to USB drive - that's something that cannot be done
> without human intervention.
>
>> In other words, what am I missing?
>
> Encrypted backups have their purpose, of course. For storing backups
> offsite (whenever it's physical or cloud) encryption is invaluable.
>
> But, the encryption is only as secure as the management of the
> encryption key, and the only relatively secure example of that I can
> come up with is gpg. And utilizing gpg for unattended backups is painful
> to say the least.

Which is why I liked truecrypt.  Is luks roughly equivalent for
encrypting the whole drive?

Thanks
Lee

Reply to:

Follow-Ups:
- Re: how to backup to an encrypted usb drive?
  - From: Reco <recoverym4n@enotuniq.net>

References:
- how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>
- Re: how to backup to an encrypted usb drive?
  - From: Reco <recoverym4n@enotuniq.net>
- Re: how to backup to an encrypted usb drive?
  - From: Lee <ler762@gmail.com>
- Re: how to backup to an encrypted usb drive?
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: how to backup to an encrypted usb drive?
Next by Date: Re: how to backup to an encrypted usb drive?
Previous by thread: Re: how to backup to an encrypted usb drive?
Next by thread: Re: how to backup to an encrypted usb drive?
Index(es):
- Date
- Thread