[NBLUG/talk] Crypt Filesystems
Jacob Appelbaum
jake at nblug.org
Tue Jul 25 14:57:45 PDT 2006
Jippen wrote:
> Hrm... well, would it be possible to just make a block device with
> `dd` and make it a loop-aes encrypted device before sending it to the
> offsite mirror? Or, perhaps mount a remote block device on the
> mirroring server and use that?
>
Yeah, it would be possible to make a block device and scp or rsync it. I
do think that it's probably a bad idea unless your disk images are
*tiny* though.
It makes the most sense to encrypt both disks on both servers and to
rsync over a vpn (or ssh). Use different keys for your data sets. One
server gets one gpg key with one passphrase, the other entirely different.
Rsync is going to do a better job than almost anything else and it can
be used with ssh easily.
You could get really complicated and use drbd at the same time as
loop-aes. It would be slow but it might be useful for someone.
Regards,
Jacob
More information about the talk
mailing list