[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Cheap IOMMU hardware and ECC support importance

  • To: xen-users@xxxxxxxxxxxxx
  • From: Gordan Bobic <gordan@xxxxxxxxxx>
  • Date: Tue, 15 Jul 2014 10:17:50 +0100
  • Delivery-date: Tue, 15 Jul 2014 09:18:09 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

On 2014-07-15 09:16, lee wrote:
Gordan Bobic <gordan@xxxxxxxxxx> writes:

On 07/10/2014 09:59 AM, lee wrote:
Gordan Bobic <gordan@xxxxxxxxxx> writes:

I'd have to make a huge tar archive or something of my data and encrypt
that with gpg before uploading it.  That isn't really feasible.

No, encfs is a layer and stores each encrypted file and filename as
normal, they are just encrypted. So when you mount the encrypted data
to a mount point, it's available unencrypted. When you look at the
encrypted directory tree, the file names and contents are scrambled.

So to back it up, you back up the encrypted subtree directly. No need
for intermediate steps.

And how good is this encryption?


Is that good enough?

Almost certainly.

What if I forget the passphrase or whatever it uses?

Same thing that happens if you lose your GPG passphrase - you lose
whatever was encrypted with it.

That's a problem.  It happened to me with gpg passphrases.

If you are not up to remembering a passphrase, that pretty much
rules out any and all encryption for you. :(

To back it up, I'd still have to make an archive which I can upload.

Depends on how the backup service works. Many have a deamon that
monitors directories you specify and uploads changes.

Then I won't be able to encrypt them with gpg.

Yes you can. You can, for example, set up lsyncd to monitor the
encrypted directory, rather than the mountpoint, and sync encrypted
files to an alternate location (local or remote). The backup
daemon never needs to see the plain text files.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.