Truecrypt for VPS

trexos Member
edited July 2013 in General

Hello,

Today I encrypted my PC (again) with TrueCrypt and I asked myself if it's possible to encrypt one small OpenVZ VPS for having an encrypted online backup. For sure I could make a WinRar archive or something like that and save things there but I would like to have something like TrueCrypt on my VPS.

Does anyone have ideas?

Edit: And yes I saw that Truecrypt works on Linux as well, but does this work without GUI?

Thanks in advance!

Comments

  • http://www.truecrypt.org/docs/command-line-usage

    On Linux, replace / with -

    Also, you have to make sure FUSE is enabled.

  • Infinity Member, Host Rep

    @trexos said:
    Edit: And yes I saw that Truecrypt works on Linux as well, but does this work without GUI?

    Yes, I'm pretty sure it was originally made as a command line version. On the other hand if you're using TrueCrypt for something very private, it's not that great, if it's just for simple data you don't want your VPS provider to see it can be a good idea. It could be a bit intensive on the CPU although I haven't measured it.

  • trexos Member

    @Rallias said:
    http://www.truecrypt.org/docs/command-line-usage

    On Linux, replace / with -

    Also, you have to make sure FUSE is enabled.

    Thank you! I should have found this alone :D

    @Infinity said:
    Yes, I'm pretty sure it was originally made as a command line version. On the other hand if you're using TrueCrypt for something very private, it's not that great, if it's just for simple data you don't want your VPS provider to see it can be a good idea. It could be a bit intensive on the CPU although I haven't measured it.

    What do you mean for very private data it's not that good?

  • Infinity Member, Host Rep

    @trexos said:
    What do you mean for very private data it's not that good?

    As in it's not as secure as it's made out to be. If someone has enough time/resources they can break into it.

  • alex Member

    why not owncloud?

  • trexos Member

    @Infinity said:
    As in it's not as secure as it's made out to be. If someone has enough time/resources they can break into it.

    You mean decrypt the files or use this memory dump vulnerability?

    @alex said:
    why not owncloud?

    AFAIK the files aren't encrypted, are they?

  • ownCloud has server-side encryption AFAIK. I would recommend duplicity for backups or SpiderOak for sync.

  • cldf Member

    @Infinity said:
    As in it's not as secure as it's made out to be. If someone has enough time/resources they can break into it.

    I don't really like this comment because it implies that TrueCrypt has some kind of a vulnerability that can be abused if someone has enough time/resources. It doesn't if the user doesn't fck it up themselves. If you imply that he/she probably will, then I agree.

  • Infinity Member, Host Rep

    Not sure about the truth to it but I saw quite a few articles on how it was easily 'breakable', not sure if that's still the case or the truth to it.

  • netomx Moderator, Veteran

    Maybe TrueCrypt with kvm

  • trexos Member

    You are talking about TrueCrypt on Linux, right? Because I read that it should be secure on Windows except this memory dump thing

  • emg Veteran
    edited July 2013

    I believe that everyone is missing several key points.

    Before we continue, could @trexos please be VERY specific about his proposal, and his threat model?

    No matter what the threat model, there is no way to ensure the absolute security of your VPS against the VPS provider, irrespective of which tool you use to encrypt its data. Your VPS provider has complete power over your VPS. They can see RAM, I/O, the CPU, and the files on your disk.

    In addition to the threat represented by the VPS provider, we must also assume that:

    • The VPS is secure from outside attackers who could install a rootkit or other malware on your VPS to get your data.
    • Your encryption tools are secure. (This was mentioned as a possible issue, above.)
    • You are properly using the encryption tools - strong keys, strong passwords, etc.

    It is possible to construct limited scenarios where your data is secure. Here are a few examples:

    • The hosting provider doesn't have the tools or the inclination to poke around at your VPS' disk, RAM, etc.
    • You have absolute trust that the hosting provider won't peek.
    • The encryption takes place outside the VPS - outside hosts do their own encryption externally, then send the encrypted data to the VPS.
    • The files are encrypted by the VPS using ephemeral (not stored) keys, before the hosting provider starts watching. As long as the VPS doesn't decrypt them while the hosting provider is watching (or recording), then the stored files are safe.

    Special note:
    I didn't mention entropy, which tends to be an esoteric topic, but your VPS must have access to sufficient isolated and independent random data to meet its encryption needs. Frankly, I do not know enough about how VPSs are engineered to understand how their needs for cryptographically strong random data are met, but it is a potential issue.

  • trexos Member

    @emg

    Thanks for your long answer! I just wanted to save some files outside of my country, nothing big. I think I'll use TrueCrypt Container files which I store on the VPS encrypted with AES and a 40 letters/numbers etc. password.

    Thanks for all your great answers!

  • emg Veteran

    @trexos said:
    emg

    Thanks for your long answer! I just wanted to save some files outside of my country, nothing big. I think I'll use TrueCrypt Container files which I store on the VPS encrypted with AES and a 40 letters/numbers etc. password.

    Thanks for all your great answers!

    If you create the TrueCrypt container files on your home computer, and then upload them to your VPS in encrypted form, then they will be secure on the VPS from everyone, including the VPS provider. The only security issue would be someone who might recover the files from your home computer or find the password where it is stored. You must keep the 40 character password in a safe place, because if it is lost, there is no way to decrypt your files.
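
Added example, not part of any post in this thread: the encrypt-at-home, upload-only-ciphertext workflow described in the post above, sketched with `openssl enc` in place of a TrueCrypt container. It assumes OpenSSL 1.1.1 or later and `sha256sum`; the function names, paths and passphrase file are hypothetical, and the locally kept digest goes beyond the post by detecting a ciphertext that was changed on the VPS.

```shell
#!/bin/sh
# Added example: encrypt at home, upload only the ciphertext.
# Assumes OpenSSL >= 1.1.1 (for -pbkdf2) and sha256sum; names are hypothetical.

# AES-256 with a PBKDF2-stretched passphrase (left unquoted on purpose below
# so the shell splits it into separate options).
CIPHER_OPTS="-aes-256-cbc -pbkdf2 -iter 200000"

# Hex SHA-256 of a file.
digest() { sha256sum "$1" | cut -d' ' -f1; }

# encrypt_backup SRC_DIR OUT_FILE PASSFILE
# Writes OUT_FILE (the only file that goes to the VPS) and OUT_FILE.sha256
# (stays on the home computer). PASSFILE holds the passphrase on its first line.
encrypt_backup() {
    tar -C "$1" -cf - . |
        openssl enc $CIPHER_OPTS -salt -pass "file:$3" -out "$2" || return 1
    digest "$2" > "$2.sha256"
}

# restore_backup ENC_FILE DIGEST_FILE DEST_DIR PASSFILE
# Refuses to decrypt a download that no longer matches the digest kept at home,
# since CBC ciphertext on its own carries no integrity protection.
restore_backup() {
    [ "$(digest "$1")" = "$(cat "$2")" ] || {
        echo "ciphertext differs from local digest" >&2
        return 1
    }
    mkdir -p "$3" || return 1
    openssl enc -d $CIPHER_OPTS -pass "file:$4" -in "$1" | tar -C "$3" -xf -
}
```

Only `OUT_FILE` is uploaded; the passphrase file and the `.sha256` digest never leave the home computer.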

  • Maounique Host Rep, Veteran

    Or you can make a password like "I am going to the Market, I have to buy 13 Kg of tomatoes !"
    That should be secure enough and not hard to remember.
    On ovz it is not easy, but on Xen/KVM you can use iSCSI or NFS to store containers and open remotely with the keys stored only on your home computer, the host will see only the blocks coming and going, it will be impossible to know what you are putting there in order to see the differences and deduce the keys in any way shape or form.
