Data Encryption
foner-rsync at media.mit.edu
foner-rsync at media.mit.edu
Mon Jun 12 21:51:05 GMT 2006
Date: Mon, 12 Jun 2006 14:18:00 -0400
From: Matt McCutchen <hashproduct at gmail.com>
On Mon, 2006-06-12 at 10:58 -0700, Chuck Wolber wrote:
> On Mon, 12 Jun 2006, Brad Farrell wrote:
>
> > Is there a way with rsync to encrypt data at the source before
> > transmitting? Not talking about the actually transmission, but the data
> > itself. I've got a few department heads that want their data secured
> > before it leaves their computer so that no one in the office can access
> > the data except for them.
Then again, the data is saved decrypted on the destination disk. Maybe
the files should be individually encrypted with a symmetric algorithm on
the source before transmission. This could be done with either a script
or the --source-filter option provided by an experimental rsync patch.
Note that typical encryption algorithms prevent incremental transfer
from identifying unchanged portions of a file; rsyncrypto does not but
I'm not sure I trust its security.
The right solution is probably to run an encrypted filesystem on the
machine that holds the backups, and of course to use ssh getting the
files there. That way, rsync's incremental algorithm is actually of
some use. While you're at it, put an encrypted filesystem on the
machines the data is coming -from-, too, especially if they're
laptops. Machines do get stolen.
More information about the rsync
mailing list