Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Truecrypt for VPS
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Truecrypt for VPS

    trexostrexos Member
    edited July 2013 in General

    Hello,

    Today I encrypted my PC (again) with TrueCrypt and I asked myself if it's possible to encrypt one small OpenVZ VPS for having an encrypted online backup. For sure I could make a WinRar archieve or something like that and save things there but I would like to have something like TrueCrypt on my VPS.

    Does anyone have ideas?

    Edit: And yes I saw that Truecrypt works on Linux as well, but does this work without GUI?

    Thanks in advance!

    OnePoundWebHosting.co.uk | UK XEN VPS from £2 | See their special offers starting from 12£/year here

    Comments

    • RalliasRallias Member, Provider

      http://www.truecrypt.org/docs/command-line-usage

      On linux, replace / with -

      Also, you have to make sure FUSE is enabled.

    • InfinityInfinity Member, Provider

      @trexos said:
      Edit: And yes I saw that Truecrypt works on Linux as well, but does this work without GUI?

      Yes, I'm pretty sure it was originally made as a command line version. On the other hand if you're using TrueCrypt for something very private, it's not that great, if it's just for simple data you don't want your VPS provier to see it can be a good idea. It could be a bit intensive on the CPU although I haven't measured it.

    • trexostrexos Member

      @Rallias said:
      http://www.truecrypt.org/docs/command-line-usage

      On linux, replace / with -

      Also, you have to make sure FUSE is enabled.

      Thank you! I should have find this alone :D

      @Infinity said:
      Yes, I'm pretty sure it was originally made as a command line version. On the other hand if you're using TrueCrypt for something very private, it's not that great, if it's just for simple data you don't want your VPS provier to see it can be a good idea. It could be a bit intensive on the CPU although I haven't measured it.

      Why do you mean for very private data it's not that good?

      OnePoundWebHosting.co.uk | UK XEN VPS from £2 | See their special offers starting from 12£/year here

    • InfinityInfinity Member, Provider

      @trexos said:
      Why do you mean for very private data it's not that good?

      As in it's not as secure as it's made out to be. If someone has enough time/resources they can break into it.

    • alexalex Member

      why not owncloud?

      DomainAgent - a smart tool for keeping details of domains you own. We're on twitter too!
    • trexostrexos Member

      @Infinity said:
      As in it's not as secure as it's made out to be. If someone has enough time/resources they can break into it.

      You mean decrypt the files or use this memory dump vulnerability?

      @alex said:
      why not owncloud?

      AFAIK the files aren't encrypted, are they?

      OnePoundWebHosting.co.uk | UK XEN VPS from £2 | See their special offers starting from 12£/year here

    • ownCloud has server-side encryption AFAIK. I would recommend duplicity for backups or SpiderOak for sync.

      I recommend Prometeus, the best provider ever!

    • cldfcldf Member

      @Infinity said:
      As in it's not as secure as it's made out to be. If someone has enough time/resources they can break into it.

      I don't really like this comment because it implies that TrueCrypt has some kind of an vulnerability that can be abused if someone has enough time/resources. It doesn't if the user doesn't fck it up themselves. If you imply that he/she probably will, then I agree.

    • InfinityInfinity Member, Provider

      Not sure about the truth to it but I saw quite a few articles on how it was easily 'breakable', not sure if that's still the case or the truth to it.

    • netomxnetomx Member, Moderator

      Maybe TrueCrypt with kvm

    • trexostrexos Member

      You are talking about TrueCrypt on Linux right? Because I read that it should be secure on windows except this memory dump thing

      OnePoundWebHosting.co.uk | UK XEN VPS from £2 | See their special offers starting from 12£/year here

    • emgemg Member
      edited July 2013

      I believe that everyone is missing several key points.

      Before we continue, could @trexos please be VERY specific about his proposal, and his threat model?

      No matter what the threat model, there is no way to ensure the absolute security of your VPS against the VPS provider, irrespective of which tool you use to encrypt its data. Your VPS provider has complete power over your VPS. They can see RAM, I/O, the CPU, and the files on your disk.

      In addition to the threat represented by the VPS provider, we must also assume that:

      • The VPS is secure from outside attackers who could install a rootkit or other malware on your VPS to get your data.
      • Your encryption tools are secure. (This was mentioned as a possible issue, above.)
      • You are properly using the encryption tools - strong keys, strong passwords, etc.

      It is possible to construct limited scenarios where your data is secure. Here are a few examples:

      • The hosting provider doesn't have the tools or the inclination to poke around at your VPS' disk, RAM, etc.
      • You have absolute trust that the hosting provider won't peek.
      • The encryption takes place outside the VPS - outside hosts do their own encryption externally, then send the encrypted data to the VPS.
      • The files are encrypted by the VPS using ephemeral (not stored) keys, before the hosting provider starts watching. As long as the VPS doesn't decrypt them while the hosting provider is watching (or recording), then the stored files are safe.

      Special note:
      I didn't mention entropy, which tends to be an esoteric topic, but your VPS must have access to sufficient isolated and independent random data to meet its encryption needs. Frankly, I do not know enough about how VPSs are engineered to understand how their needs for cryptographically strong random data are met, but it is a potential issue.

    • trexostrexos Member

      @emg

      Thanks for your long answer! I just wanted to save some files outside from my country, nothing big. I think I'll use TrueCrypt Container files which I store on the VPS encrypted with AES and a 40 letters/numbers etc. password.

      Thanks for all your great answers!

      OnePoundWebHosting.co.uk | UK XEN VPS from £2 | See their special offers starting from 12£/year here

    • emgemg Member

      @trexos said:
      emg

      Thanks for your long answer! I just wanted to save some files outside from my country, nothing big. I think I'll use TrueCrypt Container files which I store on the VPS encrypted with AES and a 40 letters/numbers etc. password.

      Thanks for all your great answers!

      If you create the TrueCrypt container files on your home computer, and then upload them to your VPS in encrypted form, then they will be secure on the VPS from everyone, including the VPS provider. The only security issue would be someone who might recover the files from your home computer or find the password where it is stored. You must keep the 40 character password in a safe place, because if it is lost, there is no way to decrypt your files.

    • Or you can make a password like "I am going to the Market, I have to buy 13 Kg of tomatoes !"
      That should be secure enough and not hard to remember.
      On ovz it is not easy, but on Xen/KVM you can use iSCSI or NFS to store containers and open remotely witht he keys stored only on your home computer, the host will see only the blocks coming and going, it iwll be impossible to know what you are putting there in order to see the differences and deduct the keys in any way shape or form.

      Thanked by 1Mark_R

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    Sign In or Register to comment.