On 02/23/15 05:28, John Gamble wrote: >> Understood. And for this, the best solution is probably to use something >> other than Tarsnap. Given that you're going to upload them once and never >> touch them again (hopefully) there are lots of tools which will do the job >> for you -- removing the need for deduplication makes everything much simpler. > > Can you suggest what other service might be useful in this situation? I'm > curious to know, as it might be something I'd want to look into at some point.
If I was going to put "cold" data into Glacier, I would probably encrypt it using scrypt and then upload it directly. I think the AWS Console even lets you do this from a web browser. The key issue here is that when you take deduplication out of the picture, you can encrypt and upload separately; which means that as long as you do the encryption using a good tool, the tool you use to upload your data doesn't need to be written with any awareness of security or cryptography. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid