[kwlug-disc] OT - degauss/wipe a dead hard drive/LTO tapes

Chris Irwin chris at chrisirwin.ca
Mon May 3 15:36:53 EDT 2010


On Mon, May 3, 2010 at 13:33, Oksana Goertzen <ogoertzen at gmail.com> wrote:
> Re:  drive encryption
>
> How do you back up your data if the drive is encrypted?  Do you back up the
> whole volume?  .. and how do you do that - login as a different account and
> backup the directory/volume?  I guess I'm a little concerned about
> corruption and
> then the whole volume is gone.  I do use encryption for files and some
> emails but
> my keys are on the hdd  [.. and yes, there is a difficult & long password
> defined
> for the key].

For my laptop, I used ecryptfs, which was an option during the Ubuntu
installer. It only encrypts my home directory, which is fine since
that is all I care about. It is decrypted via a PAM hook at logon. I
sync $HOME with unison, so I'm logged in when that happens and the
unencrypted data is copied. Even if I wanted to automate, files are
still accessible in their encrypted form (as plain files, not a
loopback image or anything). Back those and the key up, and you're
good.

For my desktop, I don't bother. /home is over nfs. Otherwise I'd do
the same as above.

For my server, I haven't bothered. I went with md raid 5, and the
disks are from two different manufacturers, so I don't think there is
as much of a worry there of disk manufacturers seeing anything. I
could go ecryptfs as well, but since it only works while logged in, I
would not be able to do a lot of the automation I currently do. Also,
since my logins to the server are via ssh key auth, and that would not
decrypt $HOME.

-- 
Chris Irwin
<chris at chrisirwin.ca>



More information about the kwlug-disc_kwlug.org mailing list