Slashdot Mirror
Ask Slashdot: Simplifying Encryption and Backup?
New submitter FuzzNugget writes "A recent catastrophic hard drive failure has caused me to ponder whether the trade-off between security and convenience with software-based OTFE is worthwhile. My setup involves an encrypted Windows installation with TrueCrypt's pre-boot authentication, in addition to having data stored in a number of TrueCrypt file containers. While it is nice to have some amount of confidence that my data is safe from prying eyes in the case of loss or theft of my laptop, this setup poses a number of significant inconveniences." Read on below; FuzzNugget lists some problems with this set-up, and seeks advice on a simpler system for backing up while keeping things locked down.
FuzzNugget continues: "1. Backup images of the encrypted operating system can only be restored to the original hard drive (ie.: the drive that has failed). So, recovery from this failure requires the time-consuming process of re-installing the OS, re-installing my software and re-encrypting it. Upgrading the hard drive where both the old and new drives are still functional is not much better as it requires decryption, copying the partition(s) and re-encryption.
2. With the data being stored in large file containers, each around 100-200GB. It can be come quite burdensome to deal with these huge files all the time. It's also a particularly volatile situation, as the file container is functionally useless if it's not completely intact.
3. As much as I'd like to use this situation as an opportunity to upgrade to an SSD, use with OTFE is said to pose risks of data leaks, cause decreased performance and premature failure due to excessive write operations.
So, with that, I'm open to suggestions for alternatives. Do you use encryption for your hard drive(s)? What's your setup like and how manageable is it?"
2. With the data being stored in large file containers, each around 100-200GB. It can be come quite burdensome to deal with these huge files all the time. It's also a particularly volatile situation, as the file container is functionally useless if it's not completely intact.
3. As much as I'd like to use this situation as an opportunity to upgrade to an SSD, use with OTFE is said to pose risks of data leaks, cause decreased performance and premature failure due to excessive write operations.
So, with that, I'm open to suggestions for alternatives. Do you use encryption for your hard drive(s)? What's your setup like and how manageable is it?"
Aka: you are doing it wrong. First think of backup: you have a machine, and you copy its contents to another drive. Ok. Easy. Now take a breath, and use OTFE for the original hard disk, and now add OTFE for the external drive/media. There. The backup has NOTHING to do with encryption. If you have forced yourself into a backup solution which requires encryption integration to the point that it only restores to a specific hardware, you are failing hard time, precisely for the reason backups are for when you don't have the original hardware.
Again, separate backup from encryption. I mean, next you will want an integrated internet/remote backup and you will cry us a river? Compartimentalize each function and then you can mix them freely.
I use encryption across all my desktops and laptops. On my laptops I just use dmcrypt/cryptsetup and encrypt the whole disk running ubuntu. For storage I use my fileserver which is 1x500gb encrypted with dmcrypt for the OS and for the "storage" of the fileserver I have redundancy against failure: LVM with 2x 1TB sata disks. The LVM has both physical volumes as seperate "mirror" slices (encrypt 1 disk, add a mirror disk). The total usable storage is around 790 GB but I already had one disk fail and I could simply "mount" my data without one disk being present & rebuild the LVM mirror using a new disk! Secure & reliable! The only issue I have not been able to solve in this setup is if/when one disk fails, your data is only available read-only because the lvm-mirror is only "partial" and physical volumes are missing. If anybody knows a solution for that, please comment. This was just a temporary issue though, as soon as a new disk was added and the mirror rebuilt, all was back to normal.
On OS X, you can easily create bootable images of drives using programs like SuperDuper! and Carbon Copy Cloner (stupid names). You can encrypt these files, put them on various types of drives and OS X can boot off of USB and FireWire drives which makes backups and restores pretty easy.
OS X also allows for encrypted sparseimages (folders) that can be stored on Dropbox or similar. Between the two concepts, I avoid the hassle of whole drive encryption and just worry about encrypting some of my data.
I would think that Windows would have similar functionality - mostly the ability to create bootable backup drives - is this not so?
Faster! Faster! Faster would be better!
aside: "OFTE" seems to stand for "On The Fly Encryption" - an initialism I hadn't heard used by IT folks before ... but anyway....
Why aren't you backing up your files from one encrypted volume to another, at the file level? It sounds like you're doing block level backups of your container files. Do you not trust your backup computer to have those volumes open and decrypted at backup time? Dealing with block-level diffs isn't an easy way to approach the problem, but you could look at mirroring a copy-on-write filesystem, or a dedicated backup application that does its own block diffs and maps for incrementals.
I use LUKS on linux for my backups, and then the backup drives go offsite. But the backup computer is allowed to access the files while the backup is running - which isn't a problem for the risks I'm trying to defend against. If you can't trust your backup computer, another approach is to run Windows as a VM and handle your backups with linux, which has a lower intrusion rate.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I'm using LUKS encryption and LVM2 on my Linux Desktop and there are no problems.
I don't see the point to encrypt the system partition because there is no private data on it. I just encrypt my home partition.
Backup and restore I have multiple possibilities: just use dd and copy the whole partition, use rsync or rsync-backup to backup the files. To store my backups I have created a cheap software RAID10 with external USB hard disks: https://www.anr-institute.com/projects/projects/raid-10-usb-2-5zoll-extern/wiki
With the RAID I have some security of the data in case of driver failure and I can just add more disks if I need more space.
If I have a new computer I can just install a new os (takes about 20 minutes) and copy the home partition.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
private is private and provided you use proper security on access controls all is hunky dory
If your data is stored unencrypted, and your physical security can't guarantee to prevent hostile access to storage devices, then you don't really have any access control at all.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I think your answers are wrong.
1) All the more reason to encrypt stuff, although it would take more than that.
2) Protect your privacy in the case of hardware getting stolen.
3) Because you can is a very good reason (see #2).
I'm looking into adding this extra layer of protection to laptops and external disks for our customers as an option.
home
...that it almost becomes a work of art. I want to just sit and admire it and try and tease out the nuances of idiocy and subtle details or inanity that lurk within the depths of its stupidity, in hopes that I'll reach some new plateau of understanding as I gain insight into the essential nature of the moron of the species.
alas, time is short, so I'll have to return another time to bask in the aura of this commentator's ignorance.
He doesn't say what OS he is using. If he is not using a mac I would reccomend a combination of full disk encyption on the local machine and use crashplan (java application) to back up an incremental set of encrypted backups. Crashplan works very well and is very reliable in my experience. (It's only problem is the bloat java program tend to do when they have been running for a long time.)
If he is using Mac OS then since 10.7 it is possible to manage encrypted disk backup most easily with the tools apple provides built in to the OS. The way it works is that you use Full disk encryption. After you boot the disk is readable by the OS. The OS then runs the backup system (Time Machine). If you use time machine you can set it to encrypt the backups. These backups can be done to a remote OSX drive and still use encryption regardless of whether the remote drive itself is Full Disk Encrypted. (That is Time machine manages the backup as an encrypted disk image).
The FDE on the Mac is accelerated with special decryption Intel Chip ops so there's no measurable speed decrease even when using an SSD, thus it does not need a special hardware encryption disk. It behaves just like a non-encrypted disk from the point of view of every program trying to access it.
That is to say FDE is preferable to the old style of OSX encryption that used encrypted disk images. With those the problems you list were all manifest (no incremental backups, catastrophic loss of all data from image corruption, and brittel behaviour of apps that expect their paths to be valid at all time regardless of the mount state of the image).
Some drink at the fountain of knowledge. Others just gargle.
On Windows, I prefer to use Acronis software for imaging and TrueCrypt for encryption.
Since the TrueCrypt operations happen at a low level that's transparent to Windows and other applications that interact with the disk, once I enter the pre-boot password for TrueCrypt and load Windows I can interact with the disk as if it were not encrypted: by making images with Acronis after Windows has booted, Acronis sees the disk as a standard NTFS drive. I can save the image of the unencrypted contents of the disk to some sort of secure backup media.
The backup media may be encrypted on its own, or I could use the encryption mechanisms built into Acronis to protect the image files. If I were use Acronis bootable media and try imaging the disk, I'd only get an image of the encrypted data -- by booting into Windows first I can make an image of the unencrypted contents of the disk.
If the encrypted drive were to ever fail I could write the image back to a new drive sans encryption. This also allows me more flexibility in regards to resizing the filesystem to new disks: since I took the image of the unencrypted contents of the disk I can resize the filesystem to a new disk. If I had encrypted the raw disk itself then I would not have this option. After restoring, I can then encrypt-in-place using TrueCrypt to secure the new drive.
As for the encrypted containers, mount them and back up their contents.
Intelligence agencies do NOT want you using Truecrypt. So Slashdot obliges with a carefully constructed attack against Truecrypt that is designed to encourage betas to seriously consider the commercial options that always contain back-doors.
You see the same thing in nonsense reports that tell you intelligence agencies have the ability to recover properly erased files, or files from smashed hard-drives. Slashdot frequently promotes stories suggesting that smashing platters or properly erasing files is a waste of time. Each story is carefully created to lower the likelihood of people in general using proper security protocols.
What do hard-drive failures and encryption security have to do with one another? Absolutely NOTHING. Why would someone wish you to conflate the two things in your mind?
Simple bit errors in Truecrypt volumes do not destroy access to all the encrypted files, but I can understand why certain people have an interest in telling you so. All forms of file storage, encrypted or not, are vulnerable to hardware failures in pretty much the same way. A catastrophic failure will make you wish you had used proper back-up protocols, regardless of file security. Indeed, back-up and encryption have nothing to do with one another, and encryption certain doesn't compromise back-up methods.
"I used Truecrypt, and when something went wrong, I lost all my files". Read this sentence. The read again. Then imagine someone saying it at the beginning of an advertisement. Why does the ad start this way? What is the ad trying to get you to think? Then, perhaps, you might want to Google a bloke named Edward Bernays.
Once again, every commercial security system has back-doors, and therefore the so-called encryption provided this way isn't worth a damn. Rock-solid encryption algorithms are in the public domain, and no, the NSA does NOT have secret UFO technology allowing them to break such encryption. By law, every single security vendor that operates in the West or does business in the West has to give NSA people full co-operation to allow intelligence agencies ways to bypass security offered by their products.
Slashdot does not daily carry stories attacking North Korea, Syria and Iran by accident. Remember, this is supposed to be a 'nerd' tech site, and yet one might think, form the content, that it was one of Rupert Murdoch's media outlets instead from the sickening political propaganda. Every story promoted here is thus suspect, if you have even one functioning brain-cell. You must always ask "why is this story chosen to be promoted?"
A few more words about Crashplan.
Crashplan markets itself as a competitor to things like Mosy and other purveyors of managed remote backup. But Crashplan is distintly different than all these others in a way that is unbeatable. Namely, you don't have to use their archives to store your data. With crashplan you can target any disk as backup storage. This could be an external disk connected by USB 3.0 or one over at your freinds house (they run crashplan too), or you can use crashplans servers. They sell the app not the service if just want to use it with your own disks or a freinds.
The difference here is what happens when you need to restore. With any other service (like Mosy) you are hosed. How the heck are you going to recover a terrabyte from the remote storage to your local disk over the internet????? Not going to happen. FOr a fee Mosy will burn DVDs and mail them to you. But that assumes you know what date you want the back up for. If you are trying to recover from some slow disk corruption or a trojan you want to inspect the backups first to find the latest possible date before the corruption started, then you want to add back the newer files you can salvage. That's not going to happen with the DVDs you have sent to you.
But crash plan is different. You just drive across town to your freinds house and pick up the drive. Mount it locally and find all the files you need for the backup. Just like what you would like to have! perfect.
If crashplan would just solve their Java memory management issues it would be perfect. when you launch it it starts off with 100MB but a week later it's up to a gigabyte of memory use. Fortunately it seems the Virtual Memory manager is able to page out most of this when it's not active, but java programs are such out of control pigs.
Some drink at the fountain of knowledge. Others just gargle.
He doesn't say what OS he is using.
Yes, he does: "My setup involves an encrypted Windows installation ".
If I imaged the entire drive, it would take many hours each time. I image only the OS partition, for the sake of restoring in case of malware infection or other bad software that I want to rid completely. And I have restored it many times for this purpose.
I have tried restoring the image to a new drive and subsequently restored the TrueCrypt bootloader, key data / volume header and, as a last resort, decrypting the volume after restoring it from an image. It wouldn't boot after any of these things. After decryption, gparted still couldn't identify or mount the partition.
I have not encrypted the entire drive. The setup is like:
[Windows 7 encrypted OS] [unencrypted partition with autonomous encrypted file containers / VHDs]
I do it this way because file containers are more portable than encrypting the entire drive or entire data partitions.
Do you live in an underground bunker, with automated blast doors and multi-layer security? I doubt it. Does anybody really care enough to defeat such measures to get into your house? I suspect you're like the rest of us, with standard locks and maybe an alarm system or a dog, or both. That is sufficient to deter all but the most determined criminals. And if anyone is determined enough, your extra security won't stop them anyway.
Your data isn't that different. Nobody is really after your data, at least not to the point of being willing to spend serious money and time getting into your system. The real threats are things like malware (which won't even be slowed down by your encrypted drive), or somebody snooping around on your hard drive after stealing your laptop (when actually they are more likely to want to just sell it).
Common sense is the best protection for most of us. Don't save passwords in an unencrypted file. Use a non-trivial password to log on to your system. Hang on to your stuff. You get the idea.
What backup software are you using that requires imaging the whole drive with every backup? You will need to do a single full backup for the initial backup, and then only changes are synced over on whatever backup schedule you do, I have my backups setup to do the incrementals daily. You would then configure your backup software how it you want it to keep data, maybe keep the first of the month snapshot for three months, with a yearly that rotates out every other year.
TrueCrypt encrypting a drive has no effect on the backup process. You're running Windows 7 and backups in Windows will use Volume Shadow Copy which access the drive after TrueCrypt decrypts it. For example you fully encrypt your system partition, after booting into Windows you create a backup of the drive. You restore the backup to another drive. The restored backup will not be encrypted. You might be able to find some software that would do a low level raw read of an HDD and backup each sector, but that's horribly inefficient in both backup speed, and required amount of storage for each backup.
Do you know for sure what exactly is illegal in different countries? Some people travel internationally. Maybe some of your completely legal stuff is illegal in some other country you're travelling to.
That's the main reason for encryption. If someone steals your laptop, losing the hardware is bad enough. You don't want them also to have access to your private data. And no, your OS level security cannot protect your files in that case, because all one has to do is to boot a live system from CD or DVD (using an external drive, if necessary) and use that to access the files. Since your installed OS isn't even started, it cannot prevent that access. Or alternatively, remove the hard drive and put it in a different computer.
The Tao of math: The numbers you can count are not the real numbers.
Get a Mac. Turn full disk encryption via Filevault2 on. Backup using Time Machine with an encrypted backup drive. The encryption is invisible except that you have to enter the password from time to time.
you are not backing up your data. Let me make it easy for you. What happens when a file becomes corrupted? What happens to your "mirror" copy? Does it too become corrupted? If so, you might want to reconsider and start making real backups.