I got a good security one more ya.
Harijs Buss
harijs at info-shelter.net
Fri Mar 31 16:33:03 UTC 2006
On Friday 31 March 2006 18:49, Kent Borg rakstija:
> If you do have a good key and encryption, if you lose your key,
> you are completely hosed. There is no key recovery if you have
> a secure system.
Yep. That's the point :-)
> Disclaimer 1: I have not experimented with corrupting encrypted data
> and seeing what happens and how lethal it is. It might not be as bad
> as I suggest, or it might be worse.
Some time ago I started to use external USB enclosures with IDE disks as
backup devices. (Yeah, I know, but this is better than nothing anyway :-)
Enclosures are "rotated" according to usual backup scheme. Only one of these
devices are at the same time near backup source, the rest of them are kept
off-site. Files on enclosure disks are synced with original ones using group
of rsync commands. File system is XFS encrypted by AES method with 1024 bit
key. (This was done in another distro but probably there are no big
differences).
Naturally I wanted to know what will happen if, for example, suddenly USB
cable will be pulled out in the middle of big writing. So I did try that :-)
because in the worst case I simply would have to re-format the drive and
re-write the info which is available. Sure my 3 attempts can not count as
"scientific experiment" but they give some impression anyway. All three
times after re-boot (to get rid of any buffered info) and re-connecting
enclosure I was able to mount it as read-only and get off all files except
one which was in writing process when USB cable was plugged out. One of my
colleagues who made similar experiment, in one case could not mount the disk
and therefore could not get anything out because of encryption. In all cases
specific XFS utility programs could not do anything to repair file system, so
I had to re-format partition and write all info that should be there.
Encrypted file systems can be used quite easily but people should really
understand that exactly because of good encryption it would be impossible to
de-crypt info when key is lost. Any tech glitch can also lead to
inaccessibility of info.
But hey, we all make regular backups, don't we? :-)
Harijs
More information about the ubuntu-users
mailing list