Monday, April 6, 2009

Encrypted backup made easy


As security of information is important to me, I've been trying to think of a way to manage private information, while keeping that information backed up.

I had thought about something simple, like a free SSH shell account, storing my PGP keys there along with an encrypted file containing my text password file. I decided that would not be a good idea, since the machine where I put those keys and that file would have someone (anyone) else as root who might, if clever enough, hack into my account. In addition, those accounts are usually very space limited, to a matter of megabytes, which would hold the text file just fine but isn't large enough for much else.

I have been playing with TrueCrypt since they managed to make the hidden partition inside of an encrypted container. They have addressed a very important point: in the current legal environment, it is possible to be forced to surrender your password for an encrypted volume. TrueCrypt does this clever thing that lets you open one of two filespaces inside the encrypted volume, based on the password given. That is to say, after you go through the process with TrueCrypt, you may open the space with pictures of the family with one password, and with another open the space that has all of your top secret plans. In this way you may satisfy the volunteering of your "password" without volunteering any information. Plausible deniability and all that.

So, this is a neat solution for security, but then how to get that volume around? I mean, a USB key with a 1Gig file on it is fine, but when you drop it in the toilet, run over it with your car or otherwise have something nasty happen to it, that information is lost. So, I looked at Getdropbox to see if that would work. The free account there holds 2Gig, which is more than enough for locking in the keys to the rest of your private world.

The TrueCrypt volume is mounted like a file system, you know, like a USB key or a 2nd internal hard drive. It would seem that the automated backup portion of the Getdropbox application sees the unmounting of the volume as a revision to the file, and then starts the process of uploading the file anew and synchronizing it with all other connected clients.
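An added example, not part of the original post: a small Python check that records a fingerprint of the container file and reports whether its contents changed, including the case where the contents change while size and modification time stay the same (TrueCrypt has a preference to preserve the modification timestamp of file containers), which a sync client looking only at metadata would miss. The file names `vault.tc` and `vault.json` and the manifest format are assumptions made for the example, and the sample container is constructed random data.

```python
import hashlib, json, os, tempfile

def fingerprint(path, chunk=1 << 20):
    """Size, mtime and SHA-256 of a container file, hashed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": digest.hexdigest()}

def compare(previous, current):
    """Classify the container against the last recorded fingerprint."""
    if previous is None:
        return "new"
    if previous["sha256"] == current["sha256"]:
        return "unchanged"
    same_meta = all(previous[k] == current[k] for k in ("size", "mtime_ns"))
    # Content differs but size and mtime do not: a metadata-only check misses it.
    return "changed-silently" if same_meta else "changed"

def check(container, manifest):
    """Compare container with the JSON manifest, then update the manifest."""
    previous = None
    if os.path.exists(manifest):
        with open(manifest) as f:
            previous = json.load(f)
    current = fingerprint(container)
    with open(manifest, "w") as f:
        json.dump(current, f)
    return compare(previous, current)

def demo():
    """Constructed sample: random bytes stand in for an encrypted container."""
    with tempfile.TemporaryDirectory() as d:
        vol, man = os.path.join(d, "vault.tc"), os.path.join(d, "vault.json")
        with open(vol, "wb") as f:
            f.write(os.urandom(4096))
        results = [check(vol, man), check(vol, man)]
        st = os.stat(vol)
        with open(vol, "r+b") as f:          # rewrite one block in place
            f.seek(512)
            f.write(os.urandom(512))
        os.utime(vol, ns=(st.st_atime_ns, st.st_mtime_ns))  # keep old timestamp
        results.append(check(vol, man))
        with open(vol, "ab") as f:           # grow the file: metadata changes
            f.write(os.urandom(512))
        results.append(check(vol, man))
        return results
```

Running `check()` on each machine after a sync and comparing the recorded `sha256` values confirms that the synced copy matches the local container.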

The big bonus is that both the Getdropbox software and TrueCrypt are available on all 3 major operating systems (Win, Mac, Linux), which means I can access my data from any of those systems and from any machine (given I can install the apps). Double bonus is that both of these, the TrueCrypt application and the Getdropbox service, are free. This means there is no "barrier to entry" due to sticker price. Clearly anyone could come up with other solutions; I just find this one to satisfy my security needs while being available anywhere and only to me. Worst case, even if I'm busted, I donate the weak password to disclose only my shopping list from last week. If you haven't used either of these apps, I highly recommend both. And if more space is what you need, there is a paid version of Getdropbox that offers more space.

--
CafeNinja
