| 1 |
Neil Bothwick <neil@××××××××××.uk> writes: |
| 2 |
|
| 3 |
> On Tue, 05 Jan 2010 16:09:03 -0600, Harry Putnam wrote: |
| 4 |
> |
| 5 |
>> > Why not just tar up the underlying encfs partition? The data |
| 6 |
>> > is already encrypted, what's the point of decrypting it to encrypt it |
| 7 |
>> > again? That way you don't need to rely on any encryption software on |
| 8 |
>> > the remote computer. |
| 9 |
>> |
| 10 |
>> I wanted the option of decrypting on the remote if need be... that is |
| 11 |
>> if my home machine is not accessible for whatever reason. |
| 12 |
>> |
| 13 |
>> For example, if I wanted a forgotten password laying in a text file |
| 14 |
>> but encfs encrypted and on the remote. When for one or another reason |
| 15 |
>> I cannot get it from the home machine. |
| 16 |
>> |
| 17 |
>> In your scenario, I'd need access to both home machine and remote at |
| 18 |
>> the same time to first get the blob of encrypted data off the remote |
| 19 |
>> and then to decrypt it on home. |
| 20 |
> |
| 21 |
> Then use rsync instead of tar, then you can mount the remote filesystem |
| 22 |
> using sshfs and encfs to read individual files. It's a little slow as you |
| 23 |
> are layering two FUSE filesystems, but quicker than downloading a |
| 24 |
> complete tarball just to get at one file. I've used this method with an |
| 25 |
> online backup service and it works. |
| 26 |
|
| 27 |
Neil seems to be thinking the remote has encfs on board... it does |
| 28 |
not. Hence my original quest for a different encryption process, |
| 29 |
(mcrypt) |
| 30 |
|
| 31 |
And both Felix' and Neils solutions seem to require access to the home |
| 32 |
computer or root on the remote. Or a least access to a machine with |
| 33 |
encfs on board. |
| 34 |
|
| 35 |
Also, understand that the encrypted data is quite small... Not talking |
| 36 |
a huge tarball at all. |
| 37 |
|
| 38 |
du -sh ~/myencrypteddata |
| 39 |
7.4M myencrypteddata |
| 40 |
|
| 41 |
|
| 42 |
That is uncompressed |
| 43 |
|
| 44 |
So is it still a bad idea to unencrypt from encfs, recrypt in mcrypt |
| 45 |
and ssh or rsync the result to the remote? |
| 46 |
|
| 47 |
With something this size all of that should happen in a few seconds |
| 48 |
right? |
| 49 |
|
| 50 |
And this way, I'd be able to decrypt the thing on the remote; find what |
| 51 |
I need and delete the unencrypted data leaving only the encrypted. |
| 52 |
|
| 53 |
It does sound like a lot of huffing and puffing so am interested to hear |
| 54 |
other ways. |
| 55 |
|
| 56 |
I haven't tried it yet at all. |
| 57 |
|
| 58 |
I guess another part of my question is will an mcrypted file setting |
| 59 |
on an internet host (that can be hacked and has been at least once |
| 60 |
since I've been involved (5yrs)), be of interest and easy enough to |
| 61 |
crack (not the host but the file itself) that it would be likely a |
| 62 |
hacker would try? |
| 63 |
|
| 64 |
Once again this is not super secretive stuff, like murder or |
| 65 |
such... and even banking info could only lead to a matter of mid 4 |
| 66 |
digit amounts at most. Nasty but not life threatening or bankruptcy |
| 67 |
material and its unlikely at best that all accounts would be drained |
| 68 |
before I caught a sniff of it. |
| 69 |
|
| 70 |
But still, once my trove of passwords and certain banking info was |
| 71 |
lost, it would be a real pita to clean up. |
| 72 |
|
| 73 |
------- --------- ---=--- --------- -------- |
| 74 |
| A side note to forestall answers involving the owner of the host |
| 75 |
| machine being asked to do whatever: |
| 76 |
| |
| 77 |
| That fellow is quite security conscious and far as I know has had |
| 78 |
| only the one hack on some 8-9 or so online machines over at least |
| 79 |
| 10 yrs. (Not a bad record... since he was at one time a target |
| 80 |
| to unprincipled hackers in linux community, who also had accounts |
| 81 |
| on his hosts... so the attack was from inside so to speak) |
| 82 |
| |
| 83 |
| So there won't be much I can suggest that he either doesn't now |
| 84 |
| about or hasn't already tried. |
Archives