rdiff-backup-users

Re: [rdiff-backup-users] Data Privacy from system administrator withrdif


From: Andreas Olsson
Subject: Re: [rdiff-backup-users] Data Privacy from system administrator with rdiff-backup
Date: Mon, 29 Dec 2008 14:04:53 +0100
User-agent: KMail/1.9.10

On Monday 29 December 2008 13:49:11 Dominic wrote:
>  ... But I don't understand why it is not secure to use
> encfs directly on the third party remote server (assuming that it is
> available of course)? Something like this (sorry this is from a Windows
> client hence use of plink and unusual escapes):
>
> rdiff-backup --remote-schema "plink.exe -ssh -i mykey.ppk %s echo
> ""S3cr3tP4s5w0rd""^| encfs -S ~/archives-enc/ ~/archives/; rdiff-backup
> --server; fusermount -u ~/archives/" "C:/Documents and Settings/Dominic/My
> Documents" address@hidden::~/archives/mydocs; 

> My idea is that this will first mount the encrypted directory
> (~/archives-enc/) so that it can be read and written to unencrypted (as
> ~/archives/), then run rdiff-backup into this directory, then unmount so
> that thereafter the data can only be seen encrypted - unless you have the
> password. 
>
>  Of course this way we have sent the password to the remote server, but we
> have done so using ssh and I don't think this can be sniffed or found by
> the server's system administrator (it is not saved in .bash_history) - or
> can it be?

Well, assuming it works, that solution will theoretically give the sysadmin in 
question access to all your data. In the space between where your ssh-session 
ends and your encfs begins all your data, as well as your encfs-password, 
will exist in the server's memory.

If this is a purely theoretical danger or a real threat most likely depends on 
what sysadmin you are dealing with, the sensitivity of the data, etc.

-- 
Andreas Olsson
http://www.andreasolsson.se/
