Privacy

31830 readers

186 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Should I rethink the encryption method of my backup drives? (lemmy.today)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

I've been using veracrypt for the past 4 years to create container files in everything from thumb drives to external hard drives. After upgrading one of my backup drives, I decided that I will switch to a different filesystem altogether going on, from ntfs to ext4, since I havent really used windows in those 4 years. With the reasoning behind using veracrypt and ntfs in the first place being for compatibility, should I switch to LUKS? Veracrypt is dramatically more feature rich but I dont really take advantage of those. I just encrypt my drives in case of burglars and other unwanted eyes. I do already have a disaster plan in place so I would have to do a total overhaul of things, but I'm not sure if this is a wise decision. My gut says no but what do you think? What would I gain?

Edit: shouldve added that these drives are for warm storage for my weekly manual backups of files.

Edit 2: the general opinion is to use a tool that supports encryption but I dont really feel comfortable with that but do appreciate it. It's just I've been manually updating my backup drives for a while now and like how simple my routine is. Think my decision is to just stick with veracrypt but format every future drive (including a new one I ordered) as ext4. My current drives wont be reformatted in order to reduce unnecessary wear on them. Thank you all for your help

all 12 comments

sorted by: hot top controversial new old

[–] [email protected] 12 points 1 year ago (1 children)

Take a look at https://borgbackup.readthedocs.io/en/stable/

[–] [email protected] 10 points 1 year ago (1 children)

I'm by no means a security expert, but I encrypt all my drives with LUKS on ext4 (or btrfs with the system drive on Fedora). I have a similar use case to yours, so i would be interested in your disaster plan as you call it.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)

Oh by disaster plan I mean incase of drive failure/my death. Its the 3,2,1 backup rule basically. 1 original backup drive and a copy of it are local in a fire resistant box within a bolted down safe, then an offsite cold copy of my backup drive is at a loved one's home where backups are manually updated monthly. The more important data is also stored in the cloud with cryptomator just as more insurance for myself. A laminated paper with credentials needed to access the data is stored in 2 places, another loved one's home in their safe (cloud provider account credentials opted out) with instruction in case I die, and hidden local in case I forget anything.

[–] [email protected] 4 points 1 year ago

This is exactly my backup strategy even using cryptomator for a cloud backup. My PC and kiddos laptops are all linux so have no worries about needing a Windows machine for recovery and even if all systems died I could always use a live distro to boot elsewhere and access my files.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

LUKS with LVM is probably what you want to encrypt your "hot" drives with. As for the actual backups, Borg and Duplicacy are great. I personally prefer Duplicacy as I find it much more polished, but Borg is great too. Both include encryption options.

If you're concerned about recovering data, you should try recovering now. Make sure your backups are actually working and you can properly recover. You don't have backups unless you test them.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

LUKS is a great option, but as someone who was in your exact shoes, and went from TrueCrypt to VeraCrypt to LUKS, I eventually landed on ZFS.

It's just so, easy. Make an encrypted Zpool on your main /storage disk. Assign a /storage/documents (or whatever you want), Make another Zpool on your /backup disk, and use zfs snap and send to copy only the bit level data that changes.

So fast, so little disk access, and you can manage snapshots. There is even copy-on-write meaning file recovery is easy, too. I use it to send over SSH to a remote server, too.

[–] [email protected] 5 points 1 year ago

The only change I would recommend looking at is using a backup tool like restic, which can encrypt and also provide snapshots. Restic (and ilk, I'm sure) also deduplicate incremental backups, can compress, and (restic, at least) can mount snapshots. That last feature has been so helpful to me, because it allows easy access to individual files in a snapshot.

Restic also supports a number of cloud storage backends, like BackBlaze, which makes offsite storage hella easier than carting physical media around.

There are a couple of these sorts of tools, and while I'm most familiar with restic, I'd guess they have similar capability. I'd suspect using one would simplify your set-up.

[–] [email protected] 4 points 1 year ago

I'd choose LUKS over Veracrypt for simplicity. If the drive is solely for backup, depending on the backup tool you use, you might not even need encryption on the file system level. Several backup solutions support data encryption.

[–] [email protected] 3 points 1 year ago (1 children)

Is the drive you're backing up even encrypted? If not, all of this is for nothing.

LUKS or file-based encryption is fine either way, but you'll probably have better performance with LUKS.

[–] [email protected] 6 points 1 year ago

Yeah the drives of each of my machines are fully encrypted

[–] [email protected] 2 points 1 year ago

If this is for live disks or mirrors (not backup), LUKS is reasonable. Backup is different from mirroring since one of the things it protects you from is accidentally deleting files. If you delete a file from your main drive, it also disappears from the mirror drive, so mirrors are not backup. For encrypted backup, I've been using Borg backup which is quite well thought out, though confusing at first. The backups go on a remote server which is ok since they are all encrypted.