Secure File Storage Over Non-Trusted FTP?
hmckee writes "Does any software exist that enables me to store/backup/sync files from my local computer to a non-trusted FTP site? To accomplish this, I'm using a script to check timestamps, encrypt and sign the files individually, then copy each file to an offsite FTP directory. I've looked over many different tools (Duplicity, Amanda, Bacula, WinSCP, FileZilla) but none of them seem to do exactly what I want: (1) multi-platform (Windows and Linux), stand-alone client (can be run from a portable drive). (2) Secure backup (encrypted and signed) to non-trusted FTP site. (3) Sync individual files without saving to a giant tar file. (4) Securely store timestamps and file names on the FTP server. Any help or info on alternative solutions appreciated."
"secure" and "untrusted" don't go hand in hand. If you want security, don't put things in untrusted spaces. Period.
Are you sure about that? I consider my SSH connections secure even tho' they traverse untrusted links. Same goes for my encrypted mails, https connections to my bank, etc.
Anyway, to the submitter - is areca close to what you want?
There are shills on slashdot. Apparently, I'm one of them.
I'd translate "wasn't possible" to "couldn't be bothered". Once SSH is installed (and it is there by default in most *nix distros), you have but one 'user' file to configure (to 'jail' you within a certain hierarchy). Ta-da! Change your host and use SFTP.
No, no sig. Really.
ThePromenader
duplicity combined with ftplicity:
"Anyone storing data on an unfamiliar FTP server needs to encrypt and sign it to ensure reliable protection against prying eyes and external manipulation. duplicity is just the tool for this, and the ftplicity script from c't magazine makes working with it child's play."
http://www.heise-online.co.uk/security/Backups-on-non-trusted-FTP-servers--/features/79882
http://duplicity.nongnu.org/
If you want security, don't put things in untrusted spaces. Period.
Completely, utterly incorrect. It's a sad comment on the ambient understanding of data security that this got modded insightful.
Trust is seldom a good approach to security. Good security is when you can trust nobody and still sleep at night. That means strong encryption. That is exactly the approach implied by the article and it is exactly the right thing to do.
I think it is very unwise to ever assume any level of trust in the storage of backups, certainly offsite backups. The whole idea of backups is that you keep them around for a long time, in several copies and several locations. The more valuable your data, paradoxically, the more copies you need and the more widely dispersed they should be. This is antithetical to maintaining trust. The right way, indeed the only way out of this paradox is strong encryption.
Even if his userid/passwd are compromised, his data wouldn't.
So if someone used his userid/passwd to delete his archive or overwrite it, his data wouldn't be compromised?
Or has the data no value, so the archive can be deleted/corrupted without loss? Then what is the use of archiving it at all?
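An added example, not part of any poster's comment: encryption alone does not reveal deletion or overwriting on the server, so a MAC-protected manifest can cover that gap along with requirement (4) from the submission (hiding file names and timestamps). It assumes the files are already encrypted by some other tool; all function names and sample values are hypothetical, and only the Python standard library is used.

```python
import hashlib, hmac, json

def opaque_name(name_key, path):
    # Keyed hash of the local path: the server never sees real file names.
    return hmac.new(name_key, path.encode(), hashlib.sha256).hexdigest()[:32]

def build_manifest(mac_key, name_key, files, generation):
    # files: {local path: (mtime, ciphertext bytes)}. The manifest holds names and
    # timestamps in clear, so keep it on the client or encrypt it before upload.
    entries = {opaque_name(name_key, p): {"path": p, "mtime": m,
                                          "sha256": hashlib.sha256(blob).hexdigest()}
               for p, (m, blob) in files.items()}
    body = json.dumps({"generation": generation, "entries": entries},
                      sort_keys=True).encode()
    return body, hmac.new(mac_key, body, hashlib.sha256).hexdigest()

def audit(mac_key, body, tag, remote, min_generation):
    # remote: {remote name: bytes} as fetched from the untrusted server.
    expected = hmac.new(mac_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest MAC mismatch")
    manifest = json.loads(body)
    # min_generation is remembered locally; an older manifest means a rollback.
    if manifest["generation"] < min_generation:
        raise ValueError("stale manifest: possible rollback")
    report = {"missing": [], "modified": [], "unexpected": []}
    by_path = sorted(manifest["entries"].items(), key=lambda kv: kv[1]["path"])
    for name, entry in by_path:
        if name not in remote:
            report["missing"].append(entry["path"])
        elif hashlib.sha256(remote[name]).hexdigest() != entry["sha256"]:
            report["modified"].append(entry["path"])
    report["unexpected"] = sorted(set(remote) - set(manifest["entries"]))
    return report

def demo():
    # Constructed sample data; the byte strings stand in for encrypted files.
    mac_key, name_key = b"k1" * 16, b"k2" * 16
    files = {"docs/tax.ods": (1200000000, b"ciphertext-A"),
             "photos/cat.jpg": (1200000500, b"ciphertext-B"),
             "notes.txt": (1200000900, b"ciphertext-C")}
    body, tag = build_manifest(mac_key, name_key, files, generation=7)
    remote = {opaque_name(name_key, p): blob for p, (_, blob) in files.items()}
    del remote[opaque_name(name_key, "notes.txt")]             # deleted on server
    remote[opaque_name(name_key, "photos/cat.jpg")] = b"junk"  # overwritten
    remote["planted.bin"] = b"x"                               # added by someone
    return audit(mac_key, body, tag, remote, min_generation=7)
```

The audit only detects loss or tampering; recovering from it still needs a second copy somewhere else.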
Well, its feature list is exactly what you want and some more :). Here's the project description:
Manent is an algorithmically strong backup and archival program. It features efficient backup to anything that looks like storage. Currently it supports plain filesystems ("directories"), FTP, and SFTP. Planned are Amazon S3, optical disks, and email (SMTP and IMAP). It can work (making progress towards finishing a backup) over a slow and unreliable network. It can offer online access to the contents of the backup. Backed up storage is completely encrypted. Backup is incremental, including changed parts of large files. Moved, renamed, and duplicate files will not require additional storage. Several computers can use the same storage for backup, automatically sharing data. Both very large and very small files are supported efficiently. Manent does not rely on timestamps of the remote system to detect changes.
Check it out: http://freshmeat.net/projects/manent. It's under active development (the UI and the setup are currently in fetal stage) but the basic functionality is there and is well tested.
Disclaimer: I am the author.
If you don't really care about your data, why are you asking slashdot how to keep it safe? You already have the answer, it costs $10, now get off my lawn.
#10,407's got you by 1,132,922 membership points, #1,143,329.
#10,407 and #44,513 both want you off HIS lawn right now.
Sincerely,
Membership Police
You appear to have misspelled "perl".
Only three things are certain; death, taxes, and apocryphal quotations - Ben Franklin.
In my day we tied an onion to our belts..