On Sunday 23 September 2007 20:06:01 Richard (MQ) wrote:
> > I don't follow this part :-?
>
> Getting a bit OT but:
But very interesting, for us and somebody else wanting to do encrypted
backups.
Ah! Before I forget: I wrote to '/etc/sysconfig/kernel' this line:
MODULES_LOADED_ON_BOOT="cryptoloop twofish"
I think this should work to load those two modules instead of using boot.local.
> I create a regular file of rubbish, and loop-mount it with crypto before
> generating a filesystem and finally mounting normally:
>
> $ dd if=/dev/urandom of=file.img count=700 bs=1048576 (i.e. owner=user)
/dev/urandom, /dev/random... what's the difference? ... (un)signed, perhaps?
>
> # losetup -e twofish256 /dev/loop0 file.img
> # mkfs.ext3 /dev/loop0
> # mount -t ext3 -o rw /dev/loop0 mountpoint
>
> Copy what I want to keep to mountpoint then:
>
> # umount mountpoint
> # losetup -d /dev/loop0
>
> $ md5sum file.img > file.md5 (i.e. owner=user again)
>
> Then write file.img and file.md5 to cd using k3b. Easy to test integrity
> without having to crypto-mount:
>
> $ cd cd-mountpoint
> $ md5sum -c file.md5
Curious!
> And to mount for reading
>
> # losetup -e twofish256 /dev/loop0 cd-mountpoint/file.img
> # mount -t ext3 -o ro /dev/loop0 mountpoint
>
> Not too hard to script these steps, except for the problem with cd
> mount-point names under /media. Of course, same idea for DVDs.
I always mount manually, so I don't have the /media names problem.
My procedure is simpler. First I create an empty file:
nimrodel:~ # nice dd if=/dev/zero of=crypta_f_dvd \
bs=1MB count=4700
4700+0 records in
4700+0 records out
4700000000 bytes (4.7 GB) copied, 99.32 s, 47.3 MB/s
(Watch line wrap: I'm using kmail now and I don't know how to tell it not to
wrap)
I didn't think to randomize it, as I suppose the encryption thing will do its
work. The file has the exact size of a DVD image. Then I encrypt it via loop:
nimrodel:~ # losetup -T -e twofish256 /dev/loop2 crypta_f_dvd
Password:
Retype password:
nimrodel:~ # file -s /dev/loop2
/dev/loop2: data
And I create the XFS filesystem on the loop device:
nimrodel:~ # mkfs -V -t xfs -L CryptoDVD_MM /dev/loop2
nimrodel:~ # file -s /dev/loop2
/dev/loop2: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)
And that's all. I can mount that filesystem via fstab (after the losetup thing
is freed):
/imgs/crypta_f_dvd /mnt/crypta.x.dvd xfs \
noauto,user,loop,encryption=twofish256 0 0
In this way, I can simply copy the files I want to backup to the mounted image
in /mnt/crypta.x.dvd just using any tool I want. When done, I umount it, then
burn the image directly using growisofs or k3b.
I can test the dvd:
minas-morgul:~ # losetup -e twofish256 /dev/loop2 /dev/hdc
Password:
minas-morgul:~ # file -s /dev/loop2
/dev/loop2: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)
This is the step I should have done this morning, by the way.
> I generally use this scheme for backups of documents, emails etc. - not
> spectacularly secret, but potentially useful to an ID thief. Most
> ordinary punters won't be able to read it, but of course GCHQ / NSA etc.
> wouldn't take very long if they ever wanted to...
Of course :-)
> A lot of people take essentially no backups, and many of those who do
> take them leave unprotected data lying around. Not very sensible really!
True...
I don't encrypt everything. My filesystem is plain, but there are some things
I keep encrypted.
I have been bitten with a corrupted filesystem just while I was adding a new
HD to make fast backups - Murphy's law :-(
The problem nowadays is that DVDs are too small for making backups of a 300 GiB
HD :-(
--
Cheers,
Carlos E.R.
(from RC1)
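
Added example, not part of the original message: the thread creates the container file once from /dev/urandom and once from /dev/zero, and this script counts how many blocks of such a file are still all zero, i.e. were never written through the encrypting loop device. The function names and the script name are illustrative, and the sample input is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.
# Blocks never written through the encrypting loop device keep the bytes the
# container file was created with, so a /dev/zero-filled image still shows
# all-zero blocks wherever the filesystem has not written.

# zero_blocks IMAGE [BLOCK_SIZE] -> prints "<zero_blocks> <total_blocks>"
zero_blocks() {
    img=$1
    bs=${2:-1048576}                     # default block size: 1 MiB
    size=$(wc -c < "$img")
    total=$(( (size + bs - 1) / bs ))    # round up for a short last block
    zero=0
    i=0
    while [ "$i" -lt "$total" ]; do
        # Strip NUL bytes from block i; nothing left means it was all zero.
        left=$(dd if="$img" bs="$bs" skip="$i" count=1 2>/dev/null |
               tr -d '\000' | wc -c)
        if [ "$((left))" -eq 0 ]; then zero=$(( zero + 1 )); fi
        i=$(( i + 1 ))
    done
    echo "$zero $total"
}

# zero_percent IMAGE [BLOCK_SIZE] -> prints the share of zero blocks, 0-100
zero_percent() {
    set -- $(zero_blocks "$@")
    if [ "$2" -eq 0 ]; then echo 0; else echo $(( 100 * $1 / $2 )); fi
}

# Constructed sample: one written block, two untouched zero blocks, a short tail.
demo_constructed() {
    sample=$(mktemp)
    { head -c 4096 /dev/zero | tr '\000' 'A'; head -c 8192 /dev/zero
      printf 'tail'; } > "$sample"
    zero_blocks "$sample" 4096
    rm -f "$sample"
}

# Usage: sh zerocheck.sh IMAGE [BLOCK_SIZE]
if [ "$#" -ge 1 ]; then zero_percent "$@"; fi
```

Run it on the unmounted image file before burning; a container created from /dev/urandom should report 0.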