Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure File Storage Over Non-Trusted FTP?

Posted by kdawson on from the beeping-sounds-while-backing-up dept.

hmckee writes "Does any software exist that enables me to store/backup/sync files from my local computer to a non-trusted FTP site? To accomplish this, I'm using a script to check timestamps, encrypt and sign the files individually, then copy each file to an offsite FTP directory. I've looked over many different tools (Duplicity, Amanda, Bacula, WinSCP, FileZilla) but none of them seem to do exactly what I want: (1) multi-platform (Windows and Linux), stand-alone client (can be run from a portable drive). (2) Secure backup (encrypted and signed) to non-trusted FTP site. (3) Sync individual files without saving to a giant tar file. (4) Securely store timestamps and file names on the FTP server. Any help or info on alternative solutions appreciated."

3 of 384 comments (clear)

  1. Re:A slight oxymoron here. by Whiney+Mac+Fanboy · · Score: 5, Insightful

    "secure" and "untrusted" don't go hand in hand. If you want security, don't put things in untrusted spaces. Period.

    Are you sure about that? I consider my SSH connections secure even tho' they traverse untrusted links. Same goes for my encrypted mails, https connections to my bank, etc.

    Anyway, to the submitter - is areca close to what you want?

    --
    There are shills on slashdot. Apparently, I'm one of them.
  2. Re:A slight oxymoron here. by Sparohok · · Score: 5, Insightful

    If you want security, don't put things in untrusted spaces. Period.

    Completely, utterly incorrect. It's a sad comment on the ambient understanding of data security that this got modded insightful.

    Trust is seldom a good approach to security. Good security is when you can trust nobody and still sleep at night. That means strong encryption. That is exactly the approach implied by the article and it is exactly the right thing to do.

    I think it is very unwise to ever assume any level of trust in the storage of backups, certainly offsite backups. The whole idea of backups is that you keep them around for a long time, in several copies and several locations. The more valuable your data, paradoxically, the more copies you need and the more widely dispersed they should be. This is antithetical to maintaining trust. The right way, indeed the only way out of this paradox is strong encryption.

  3. Re:Errr by Anonymous Coward · · Score: 5, Insightful

    Even if his userid/passwd are compromised, his data wouldn't.

    So if someone used his userid/passwd to delete his archive or overwrite it, his data wouldn't be compromised?

    Or has the data no value, so the archive can be deleted/corrupted without loss? Then what is the use of archiving it at all?