Truecrypt for VPS
Hello,
Today I encrypted my PC (again) with TrueCrypt and I asked myself if it's possible to encrypt one small OpenVZ VPS for having an encrypted online backup. For sure I could make a WinRar archive or something like that and save things there, but I would like to have something like TrueCrypt on my VPS.
Does anyone have ideas?
Edit: And yes I saw that Truecrypt works on Linux as well, but does this work without GUI?
Thanks in advance!
Comments
http://www.truecrypt.org/docs/command-line-usage
On Linux, replace / with -
Also, you have to make sure FUSE is enabled.
Yes, I'm pretty sure it was originally made as a command line version. On the other hand, if you're using TrueCrypt for something very private, it's not that great; if it's just for simple data you don't want your VPS provider to see, it can be a good idea. It could be a bit intensive on the CPU, although I haven't measured it.
Thank you! I should have found this alone.
What do you mean, for very private data it's not that good?
As in it's not as secure as it's made out to be. If someone has enough time/resources they can break into it.
Why not ownCloud?
You mean decrypt the files or use this memory dump vulnerability?
AFAIK the files aren't encrypted, are they?
ownCloud has server-side encryption AFAIK. I would recommend duplicity for backups or SpiderOak for sync.
I don't really like this comment because it implies that TrueCrypt has some kind of a vulnerability that can be abused if someone has enough time/resources. It doesn't if the user doesn't fck it up themselves. If you imply that he/she probably will, then I agree.
Not sure about the truth to it but I saw quite a few articles on how it was easily 'breakable', not sure if that's still the case or the truth to it.
Maybe TrueCrypt with KVM
You are talking about TrueCrypt on Linux, right? Because I read that it should be secure on Windows except for this memory dump thing.
I believe that everyone is missing several key points.
Before we continue, could @trexos please be VERY specific about his proposal, and his threat model?
No matter what the threat model, there is no way to ensure the absolute security of your VPS against the VPS provider, irrespective of which tool you use to encrypt its data. Your VPS provider has complete power over your VPS. They can see RAM, I/O, the CPU, and the files on your disk.
In addition to the threat represented by the VPS provider, we must also assume that:
It is possible to construct limited scenarios where your data is secure. Here are a few examples:
Special note:
I didn't mention entropy, which tends to be an esoteric topic, but your VPS must have access to sufficient isolated and independent random data to meet its encryption needs. Frankly, I do not know enough about how VPSs are engineered to understand how their needs for cryptographically strong random data are met, but it is a potential issue.
@emg
Thanks for your long answer! I just wanted to save some files outside of my country, nothing big. I think I'll use TrueCrypt container files, which I store on the VPS, encrypted with AES and a 40 letters/numbers etc. password.
Thanks for all your great answers!
If you create the TrueCrypt container files on your home computer, and then upload them to your VPS in encrypted form, then they will be secure on the VPS from everyone, including the VPS provider. The only security issue would be someone who might recover the files from your home computer or find the password where it is stored. You must keep the 40 character password in a safe place, because if it is lost, there is no way to decrypt your files.
Or you can make a password like "I am going to the Market, I have to buy 13 Kg of tomatoes !"
That should be secure enough and not hard to remember.
On ovz it is not easy, but on Xen/KVM you can use iSCSI or NFS to store containers and open them remotely with the keys stored only on your home computer. The host will see only the blocks coming and going; it will be impossible to know what you are putting there in order to see the differences and deduce the keys in any way, shape or form.
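The thread settles on a locally created container protected by a long password, so what the VPS provider holds is ciphertext that can only be attacked by guessing that password. The sketch below is an added example, not part of any post: it stretches a password with PBKDF2 and compares the search cost for a few password styles. The salt size, hash and iteration count are assumptions taken from TrueCrypt 7.1a's documented header format, and the attacker rate and word-list size are constructed figures.

```python
import hashlib
import math
import secrets
import string

# Assumed TrueCrypt 7.1a header parameters (from its documentation, not
# from the thread): 64-byte salt, PBKDF2-HMAC-SHA-512, 1000 iterations.
SALT_LEN = 64
ITERATIONS = 1000
ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def random_password(length=40):
    """Uniformly random password, like the 40-character one in the thread."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, symbols):
    """Entropy of `length` independent, uniform picks from `symbols` choices.
    A sentence a person makes up is not uniform picks, so this formula
    does not apply to it."""
    return length * math.log2(symbols)


def derive_header_key(password, salt, iterations=ITERATIONS):
    """Stretch the password into 64 bytes of key material (two 256-bit keys)."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, dklen=64)


def years_to_search(bits, derivations_per_second):
    """Expected years to try half the password space, where every guess
    costs one full PBKDF2 derivation at the given (assumed) rate."""
    guesses = 2 ** (bits - 1)
    return guesses / derivations_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt = secrets.token_bytes(SALT_LEN)  # stored in the clear in the header
    key = derive_header_key(random_password(), salt)
    rate = 1e9  # constructed figure: one billion derivations per second
    for label, bits in [
        ("40 random letters/digits", entropy_bits(40, len(ALPHABET))),
        ("6 random words from a 7776-word list", entropy_bits(6, 7776)),
        ("8 random lowercase letters", entropy_bits(8, 26)),
    ]:
        print(f"{label:38s} {bits:6.1f} bits  {years_to_search(bits, rate):.3g} years")
```

The iteration count only multiplies the cost of each guess by a constant, so the password's entropy decides whether a container copied off the VPS can be opened by guessing.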