[NBLUG/talk] Crypt Filesystems

Jacob Appelbaum jake at nblug.org
Tue Jul 25 14:57:45 PDT 2006


Jippen wrote:
> Hrm... well, would it be possible to just make a block device with
> `dd` and make it a loop-aes encrypted device before sending it to the
> offsite mirror? Or, perhaps mount a remote block device on the
> mirroring server and use that?
> 

Yeah, it would be possible to make a block device and scp or rsync it. I
do think that it's probably a bad idea unless your disk images are
*tiny* though.

It makes the most sense to encrypt both disks on both servers and to
rsync over a vpn (or ssh). Use different keys for your data sets. One
server gets one gpg key with one passphrase, the other entirely different.

Rsync is going to do a better job than almost anything else and it can
be used with ssh easily.

You could get really complicated and use drbd at the same time as
loop-aes. It would be slow but it might be useful for someone.

Regards,
Jacob



More information about the talk mailing list