On Monday 29 December 2008 13:49:11 Dominic wrote:
... But I don't understand why it is not secure to use
encfs directly on the third party remote server (assuming that it is
available of course)? Something like this (sorry this is from a Windows
client hence use of plink and unusual escapes):
rdiff-backup --remote-schema "plink.exe -ssh -i mykey.ppk %s echo
""S3cr3tP4s5w0rd""^| encfs -S ~/archives-enc/ ~/archives/; rdiff-backup
--server; fusermount -u ~/archives/" "C:/Documents and Settings/Dominic/My
Documents" address@hidden::~/archives/mydocs;
My idea is that this will first mount the encrypted directory
(~/archives-enc/) so that it can be read and written to unencrypted (as
~/archives/), then run rdiff-backup into this directory, then unmount so
that thereafter the data can only be seen encrypted - unless you have the
password.
Of course this way we have sent the password to the remote server, but we
have done so using ssh and I don't think this can be sniffed or found by
the server's system administrator (it is not saved in .bash_history) - or
can it be?
Well, assuming it works, that solution will theoreticly give the sysadmin in
question access to all your data. In the space between where your ssh-session
ends and your encfs begins all your data, as well as your encfs-password,
will exist in the servers memory.
If this is a purely theoretical danger or a real threat most likely depends on
what sysadmin you are dealing with, the sensitivity of the data, etc.
------------------------------------------------------------------------
_______________________________________________
rdiff-backup-users mailing list at address@hidden
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki