On 05/07/2017 05:23 PM, Andrew David Wong wrote:
>
> I prefer the security of qvm-backup[-restore], since it allows me to
> keep the vault and its contents permanently offline. The entire VM is
> BZIP compressed, AES-256 encrypted, and HMAC-SHA512 authenticated. The
> integrity verification, authentication, and decryption all happen at
> the dom0 level. The backup is tiny, so the storage overhead is
> inconsequential, and there's no need to worry about file-level
> metadata leakage or the backup file itself being used as an attack
> vector. KeePassX has sufficient built-in versioning for me, and it's
> easy enough to sync Qubes backups across machines with simple scripts.
Git push takes 5 seconds.
qvm-backup requires anywhere between minutes and many hours.
Additionally, it requires the target VM be off.
Weekly backups are served okay by qvm-backup (I say "okay" because I
have a borg backup setup on my Qubes OS system, and it's far more usable
and performant than qvm-backup). Git push is much better suited to,
say, syncing your keyring to other systems.
--
Rudd-O
http://rudd-o.com/
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6da3112a-4873-bc02-4cac-34bf329c4a63%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.
