Neil Bothwick <neil@××××××××××.uk> writes:

> On Tue, 05 Jan 2010 16:09:03 -0600, Harry Putnam wrote:
>
>> > Why not just tar up the underlying encfs partition? The data
>> > is already encrypted, what's the point of decrypting it to encrypt it
>> > again? That way you don't need to rely on any encryption software on
>> > the remote computer.
>>
>> I wanted the option of decrypting on the remote if need be... that is
>> if my home machine is not accessible for whatever reason.
>>
>> For example, if I wanted a forgotten password laying in a text file
>> but encfs encrypted and on the remote. When for one or another reason
>> I cannot get it from the home machine.
>>
>> In your scenario, I'd need access to both home machine and remote at
>> the same time to first get the blob of encrypted data off the remote
>> and then to decrypt it on home.
>
> Then use rsync instead of tar, then you can mount the remote filesystem
> using sshfs and encfs to read individual files. It's a little slow as you
> are layering two FUSE filesystems, but quicker than downloading a
> complete tarball just to get at one file. I've used this method with an
> online backup service and it works.

Neil seems to be thinking the remote has encfs on board... it does
not. Hence my original quest for a different encryption process
(mcrypt).

And both Felix' and Neil's solutions seem to require access to the home
computer or root on the remote. Or at least access to a machine with
encfs on board.

Also, understand that the encrypted data is quite small... Not talking
a huge tarball at all.

du -sh ~/myencrypteddata
7.4M myencrypteddata

That is uncompressed.

So is it still a bad idea to unencrypt from encfs, recrypt in mcrypt
and ssh or rsync the result to the remote?

With something this size all of that should happen in a few seconds,
right?

And this way, I'd be able to decrypt the thing on the remote; find what
I need and delete the unencrypted data leaving only the encrypted.

It does sound like a lot of huffing and puffing so am interested to hear
other ways.

I haven't tried it yet at all.

I guess another part of my question is will an mcrypted file setting
on an internet host (that can be hacked and has been at least once
since I've been involved (5yrs)), be of interest and easy enough to
crack (not the host but the file itself) that it would be likely a
hacker would try?

Once again this is not super secretive stuff, like murder or
such... and even banking info could only lead to a matter of mid 4
digit amounts at most. Nasty but not life threatening or bankruptcy
material and it's unlikely at best that all accounts would be drained
before I caught a sniff of it.

But still, once my trove of passwords and certain banking info was
lost, it would be a real pita to clean up.

------- --------- ---=--- --------- --------
| A side note to forestall answers involving the owner of the host
| machine being asked to do whatever:
|
| That fellow is quite security conscious and far as I know has had
| only the one hack on some 8-9 or so online machines over at least
| 10 yrs. (Not a bad record... since he was at one time a target
| to unprincipled hackers in linux community, who also had accounts
| on his hosts... so the attack was from inside so to speak)
|
| So there won't be much I can suggest that he either doesn't know
| about or hasn't already tried.