Subject: Re: Encrypting Backups
To: Curt Sampson <>
From: Stefan Schumacher <>
List: tech-security
Date: 09/30/2003 15:48:15
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Curt Sampson ( wrote:
> I currently back up some of my systems by using dump, piping that
> through gzip, and then piping that into an ssh which, on the remote
> machine, terminates in a special script to drop the file in the
> appropriate place on the disk.=20

I dump my /home to /usr/backup, encrypt it, create a SHA1 hash=20
and transfer it to my server, where another SHA1 hash is created and
compared with the old one to ensure there were no errors during

> Second, I'd like to encrypt these backups, since it's looking like it wou=
> be more convenient for me to leave them on a machine which, unfortunatey,
> has a certain amount of public access. Does anyone have any suggestions on
> what to use?

If you just want to use symmetric encryption, I would suggest mcrypt, It's
available on pkgsrc/security and I use it for my backups to, it's fast with
AES-256 and I guess this should be enough.

But you should keep in mind that one single twisted bit can blow the whole
encrypted archive to kingdom come.=20

Another possibility would be to set up an encrypted directory using
pkgsrc/security/cfs, where your archives are to be stored.

I have lost the will to live
Simply nothing more to give
There is nothing more for me
Need the end to set me free      - METALLICA

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)