[BBLISA] whole disk encryption

Edward Ned Harvey bblisa4 at nedharvey.com
Sat Aug 21 23:13:35 EDT 2010


> From: bblisa-bounces at bblisa.org [mailto:bblisa-bounces at bblisa.org] On
> Behalf Of K. M. Peterson
>
> I'm trying to figure out how whole disk encryption is "desirable -
> mostly in terms of backups".  How is that the case?

It's a given that encryption will be used for the most sensitive data.
Presently, file containers are being used.  Somewhere in the hard drive,
TrueCrypt has a *.tc file, or OSX has a sparsebundle.  The problem with
backups is ... How do you back up an encrypted *.tc file?  If you want, you
can unmount it, and copy the whole file.  But that takes forever.  It's very
difficult to get regular incremental backups of it (at least once a day or
so...) because you have to copy the entire volume, regardless of how small
your change was inside it ... Another possibility is to have something like
Goodsync constantly polling for the existence of the mounted volume, and
then sync the contents of the mounted volume to some remote location as long
as the volume is mounted.  But then you're spending a lot of effort polling
for changes, etc., and you're using multiple tools (Goodsync in addition to
True Image or Time Machine).  So there is a larger opportunity for failure
instead of maintaining only one backup system.

Given that there is already a daily full system incremental backup (Acronis
True Image or OSX Time Machine) and you have to exclude the *.tc files due
to enormous size, then the WDE is desirable, because you don't need an
encrypted file container anymore.  You can save all your private files
directly on the C: drive, and allow Acronis to simply perform daily
incrementals.  It's efficient.

Although OSX sparsebundles handle this better than TrueCrypt, it's still far
from efficient, and suffers the same problem on a smaller scale.  Every time
you change a tiny file in your sparsebundle, an 8Mb chunk of the sparsebundle
needs to be sent to the server.

Also, if you're using any type of file container, if you want to restore a
single file from within the volume ... You can't.  Your only choice is to
restore the whole volume.

So there are a lot of ways that it's more desirable, in terms of backups, to
use WDE instead of encrypted file containers.  Because then you're able to
use whole-disk backup tools to perform incremental backups, and you're able
to obtain a decent level of granularity and manageability.
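
The granularity argument in the message above, as an added example that is not part of the original post: it hashes a constructed 32 MiB stand-in for a container in 8 MiB bands, applies two small writes, and compares what a whole-file copy, a band-level sync and a file-level incremental would each have to send. The function names, the image size and the write offsets are assumptions made for the illustration, and the model ignores encryption and assumes a fixed-size container.

```python
import hashlib

BAND = 8 * 1024 * 1024  # 8 MiB band, the chunk size the post cites for sparsebundles


def band_digests(image, band=BAND):
    """SHA-256 of every band-sized slice of the container image."""
    view = memoryview(image)
    return [hashlib.sha256(view[i:i + band]).digest()
            for i in range(0, len(view), band)]


def incremental_cost(before, after, band=BAND):
    """Bytes a backup must send after a change, per backup granularity.

    Assumes 'before' and 'after' have the same length (fixed-size container).
    """
    old, new = band_digests(before, band), band_digests(after, band)
    dirty = [i for i, (a, b) in enumerate(zip(old, new)) if a != b]
    # The last band may be short, so size each dirty band individually.
    banded = sum(min(band, len(after) - i * band) for i in dirty)
    return {
        "dirty_bands": dirty,
        "banded": banded,                          # sparsebundle-style sync
        "monolithic": len(after) if dirty else 0,  # copy the whole *.tc file
    }


def demo():
    before = bytearray(32 * 1024 * 1024)  # constructed sample container
    after = bytearray(before)
    # Constructed writes standing in for two small 4 KiB files being saved.
    writes = [
        (5 * 1024 * 1024, b"x" * 4096),   # lands inside band 0
        (2 * BAND - 2048, b"y" * 4096),   # straddles the band 1 / band 2 boundary
    ]
    for offset, data in writes:
        after[offset:offset + len(data)] = data
    cost = incremental_cost(before, after)
    # What a file-level incremental sees when the files sit directly on disk.
    cost["file_level"] = sum(len(data) for _, data in writes)
    return cost


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

A write that crosses a band boundary dirties both bands, so even the band-level figure can be far larger than the data actually changed.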
