Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure File Storage Over Non-Trusted FTP?

Posted by kdawson on from the beeping-sounds-while-backing-up dept.

hmckee writes "Does any software exist that enables me to store/backup/sync files from my local computer to a non-trusted FTP site? To accomplish this, I'm using a script to check timestamps, encrypt and sign the files individually, then copy each file to an offsite FTP directory. I've looked over many different tools (Duplicity, Amanda, Bacula, WinSCP, FileZilla) but none of them seem to do exactly what I want: (1) multi-platform (Windows and Linux), stand-alone client (can be run from a portable drive). (2) Secure backup (encrypted and signed) to non-trusted FTP site. (3) Sync individual files without saving to a giant tar file. (4) Securely store timestamps and file names on the FTP server. Any help or info on alternative solutions appreciated."

10 of 384 comments (clear)

  1. Really is a pity by pembo13 · · Score: 4, Informative

    I have explicitly asked my web host provider for either SFTP or FTPS. They basically said that it wasn't possible to provide that on a shared host. This seems untrue to me, I just can't state it as a fact since I haven't attempted it myself. But to get what the OP wants, one would essentially need a secure file system implementation on top of FTP. Ie. only the client can see the unencrypted file, not the in between transport over FTP, or the server side disk drive.

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    1. Re:Really is a pity by ThePromenader · · Score: 5, Informative

      I'd translate "wasn't possible" to "couldn't be bothered". Once SSH installed (and it is there by default in most *nix distros), you have but one 'user' file to configure (to 'jail' you within a certain hierarchy). Ta-da! Change your host and use SFTP.

      --

      No, no sig. Really.

      ThePromenader
    2. Re:Really is a pity by EdIII · · Score: 4, Informative

      It is ENTIRELY possible to provide that on any host, regardless of the number of users. All you are asking (correct me if I am wrong) is that the connection between you and the FTP server is secured through SSH or TLS.

      That is trivial. Sounds like they cannot be bothered to enact rudimentary security. As a policy in my own systems, and any systems that I pay to use, I demand that any connections that go over untrusted networks be encrypted. There are so many products that help you do this it just makes their refusal all the more ridiculous. I have a product that does not support encrypted connections and I just stunnel to protect it.

      Anything less is just reckless. Tell them to protect your connection or you will get another provider. Simple as that.

  2. TrueCrypt by kcbanner · · Score: 4, Informative

    See http://www.truecrypt.org/ for cross platform encryption...you can throw your files in there.

    --
    Obligatory blog plug: http://www.caseybanner.ca/
  3. Manent fits the bill perfectly. by gsasha · · Score: 5, Informative

    Well, it's feature list is exactly what you want and some more :). Here's the project description:
    Manent is an algorithmically strong backup and archival program. It features efficient backup to anything that looks like storage. Currently it supports plain filesystems ("directories"), FTP, and SFTP. Planned are Amazon S3, optical disks, and email (SMTP and IMAP). It can work (making progress towards finishing a backup) over a slow and unreliable network. It can offer online access to the contents of the backup. Backed up storage is completely encrypted. Backup is incremental, including changed parts of large files. Moved, renamed, and duplicate files will not require additional storage. Several computers can use the same storage for backup, automatically sharing data. Both very large and very small files are supported efficiently. Manent does not rely on timestamps of the remote system to detect changes.
    Check it out: http://freshmeat.net/projects/manent. It's under active development (the UI and the setup are currently in fetal stage) but the basic functionality is there and is well tested.
    Disclaimer: I am the author.

  4. Re:I knew a guy who always had headaches by ettlz · · Score: 4, Informative

    Hey, I'm already doing that! The problem there is putting a Python installation on my portable drive.

    What about Portable Python?

    To me, the problem seems to be if someone has implemented a secure pseudo-filesystem over FTP. I tried looking for that but couldn't find anything.

    If I understand your problem, you want the remote image encrypted, right? In which case SFTP/FTPS is redundant overhead (and whatever data is sent is stored in its plaintext). This is something that might be possible with FUSE (e.g., use the Python-FUSE bindings to construct an FTP client that passes stuff through GnuPG first).

    Thanks for the laughs.

    Heh, you'd be surprised how many people around here lack a sense of humour.

  5. Well, I've also looked into it and found nothing by gsasha · · Score: 4, Informative

    So I wrote it myself. http://freshmeat.net/projects/manent

  6. Re:I knew a guy who always had headaches by mishehu · · Score: 4, Informative

    It appears that there are options for rsync encrypting files on the far end. rsyncrypto might be just one of these. I have not used them but I remember them coming across my 'radar screen' in the past.

  7. Re:I knew a guy who always had headaches by mdmkolbe · · Score: 4, Informative

    Rsyncrypto is insecure. By resetting to the IV, it opens an information leak similar to the one with ECB mode (see the picture of the penguin on that page).

    To see why CBC with occasional reset-to-IV is insecure (regardless of trigger function), consider a long repeating pattern of the same bytes (e.g. the white spaces in the penguin picture). CBC won't encrypt them to the same value (like ECB does), but every time the IV resets the same sequence of encrypted bytes will appear. This pattern is detectable and further the places where this pattern is disrupted is detectable. So going back to the penguin picture, the non-background portions will have a shadow that disrupts the repeating background pattern and revealing the content of the file.

  8. Re:I knew a guy who always had headaches by Sun · · Score: 4, Informative

    Note - I'm the one who designed and wrote rsyncrypto.

    The only obvious leakage is that an attacker can tell if two files are substantially identical.

    Well, no. Two files will likely be encrypted using different session (read - AES) keys, and therefor will not be even remotely similar. One file having two significantly similar areas will show up, however. This case was deemed somewhat remote in my analysis. You are free to perform your own, of course. If you do, please feel free to email me.

    The only place where actual data leakage may happen are due to the fact that a persistent attacker can compare cipher texts, and know where the decision function triggered. This is a good point to ask "how much information is gleaned about the file".

    I think current rsyncrypto is ok on that front, and future plans include improvements. These improvements, alas, will cost in performance.

    Shachar