1 |
Neil Bothwick <neil@××××××××××.uk> writes: |
2 |
|
3 |
> On Fri, 01 Jan 2010 12:32:07 -0600, Harry Putnam wrote: |
4 |
> |
5 |
>> I want to encrypt a directory heirarchy on a remote machine where I |
6 |
>> don't have root. I can use either an openbsd, or gentoo remote. |
7 |
> |
8 |
> Provided the kernel has ecrypt support and the userspace utilities are |
9 |
> installed, you can use ecrypt to encrypt a directory as an ordinary user. |
10 |
|
11 |
I just discovered the remote where I want to do this has mcrypt on |
12 |
board so thinking tar first to get around any directory problems and |
13 |
then mcrypt.... I haven't actually tried it yet but anyone know if |
14 |
that is a non-starter. |
15 |
|
16 |
What I'm actually thinking of doing: |
17 |
|
18 |
I have an encfs encrpted partition on my home machine.. However I want |
19 |
a back up offsite. |
20 |
|
21 |
The encrypted partition would be mounted, the contents tarred/gzipped, |
22 |
mcrypt'ed on home machine then scp'ed to the remote for offsite |
23 |
storage once a week or so, overwriting each time. |
24 |
|
25 |
The remote also has mcrypt so in a pinch I hope to be able to |
26 |
unencrypt there (on the remote) if need be.. (Home machine becomes |
27 |
unusable or cannot be accessed for one reason or another) |
28 |
|
29 |
There is some sensitive stuff in there. But not black helicopter caliber. |
30 |
|
31 |
I guess I'm asking; if the remote were hacked for some reason, would my |
32 |
mcripted tarball be an easy target? |
33 |
|
34 |
I'm pretty confident the encfs partition on home machine is fairly |
35 |
safe, even if the host is compromised... (I mean assuming this isn't |
36 |
CIA operatives ...) They'd have first to get my user passwd... (root |
37 |
cannot access the encfs files but I guess with root you could just |
38 |
reset the user passwd..). And then the encfs partition password |
39 |
(which cannot be reset without knowing the current passwd. |