[colug-432] truecrypt

Chris Spackman chris at osugisakae.com
Fri Feb 7 11:08:40 EST 2014


[Text interspersed where appropriate.]

On 2014/02/06 at 09:17pm, Rick Hornsby wrote:

> Anyone have experience with truecrypt?  No real problem with it,
> just a little anxious to delete original files that I have put in a
> truecrypt volume, like my taxes for the last several years.

I have been using Truecrypt for years and the only problems I have had
were related to the hard disk itself, not the Truecrypt volumes. (This
was with encrypted partitions, not stand-alone files.)

I seem to recall a crowd-sourced effort recently to have a security
expert audit the Truecrypt source code. IIRC, there is no reason to
think it has backdoors (but perhaps the NSA is aware of some
weaknesses?) but no one everyone trusts has actually ever checked. Of
course, that goes for many security products, and Truecrypt does use
mainstream, well understood protocols, so I don't think normal
users should be too worried.

> The other thing I’m wondering the best way to deal with is to
> off-site backup the volume.  You can’t diff the volume, since it is
> a binary file.

I have heard people claim that you can, but have never gotten it to
work. 

> Would it make more sense to create a local and remote truecrypt
> volume and do something with rsync to keep the contents in sync as
> long as both volumes are open?

This is what I do, but locally, not over a network. Works fine for me
(locally) but YMMV.

For off-site backups, I use tarsnap and Wuala. Wuala is sort of like a
secure and much more feature-ful Dropbox. 100 gig costs about $10 a
month. One cool feature is that your Wuala space can be seen as a
drive on your computer - like a 'cloud' drive. Of course it also does
regular backups and syncs between computers. You can also set up
groups of people that have access to only the files added to that
group.

Wuala claims that all encryption is done locally and that they have no
way to access your data. It is slow enough that I am willing to
believe them. (Not that slow, but syncing new files can take a minute
or two to reach the other computers.)

I find the Wuala interface easier to use than the SpiderOak
interface. But, that may be familiarity. I tried SpiderOak a couple of
years ago but decided to stick with Wuala.

Tarsnap is much more difficult to get up and running. It is basically
secure backup and off-site storage using a tar-like command. You have
to compile it yourself and then create the keys and register your
computer.

Tarsnap supports incremental backups (I think that is the right term - the
second time you back up a directory, it will only add the files that
have changed). I suppose you could open your Truecrypt volume
and occasionally tarsnap the whole thing.

Tarsnap charges for network bandwidth and daily data storage
fees. But, it is reasonable and keeps track of your balance to like 12
decimal places. I have had maybe 10 gig or so stored there for two or
three months and it has only cost me about $5 so far, IIRC.

Sorry for the length. Hope this helps. I am happy to help if you need
some more help with any of the software I mentioned.

-- 
Chris and Yoshiko Spackman

Respect is earned. Trust is gained. Loyalty is returned.


