long article about EU legislation vs. extraterritoriality of US FISA etc. rules

Mauro Souza thoriumbr-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Jun 25 22:05:15 UTC 2013


How I would do it in a "more secure than the default" way:
- on the cloud:
dd if=/dev/zero of=/home/myself/disk/mydisk.bin bs=1M count=10k

Export /home/myself/disk via NFS, sshfs, whatever you like. I usually use
sshfs.

- on your desktop:
sshfs root-kKzoNtG5o2GexcML3H/kdDDL28F9En1WQQ4Iyu8u01E at public.gmane.org:/home/myself/disk /mnt/point1
LOOPDEV=`sudo losetup -f`
sudo losetup -e aes $LOOPDEV /mnt/point1/mydisk.bin
sudo mount -o user  $LOOPDEV /mnt/mydisk
sudo chown -R myself /mnt/mydisk

The first time you use the disk, you should format it. After
losetup and before mount, issue a mkfs.ext3 $LOOPDEV (or ext4, or fat12, as
you wish). You will have an encrypted gigantic file on your NSA-friendly
cloud provider, secure ssh traffic between your desktop and the cloud, and
no secure data stored on any of your desktops. As the losetup command won't
save your password, even if someone steals (or issues a court order
requiring from you) any of your desktops, your data will be safe.
If you are super paranoid, you can create another container file locally
inside the remote container, and so on. A safe inside a safe is safer than
a safe...

Use key-based auth to ssh into your cloud (completely disable password
logon), and USE A PASSPHRASE to unlock the key. It will put another barrier
in front of anyone snooping on your data.


Mauro
http://mauro.limeiratem.com - registered Linux User: 294521
Scripture is both history, and a love letter from God.


2013/6/25 D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org>

> | From: Ken Heard <kenslists-R6A+fiHC8nRWk0Htik3J/w at public.gmane.org>
>
> | I certainly see your point about virtualization, and also the differing
> | meanings of "cloud".  As I wanted to imply in my first post, I was
> | talking about using the cloud as a place to store backed up user files,
> | not for virtualization.  Such files would normally be packed in several
> | encrypted tarballs.
>
> That seems pretty safe.  In particular, there is no processing in the
> cloud that requires an unencrypted form of the data.
>
> Still: someone could learn when you are coming and going and connect
> you-in-Canada with you-in-Thailand.  That doesn't sound bad since
> there are probably already many other ways that you leak that
> information.
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
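The message above advises completely disabling password logon on the cloud host. The following check is an added example, not part of the original post: it audits sshd_config text for that setting, taking into account that sshd uses the first value it reads for a keyword, that both password and keyboard-interactive authentication default to yes, and that a Match block can turn them back on. The function name audit_sshd_config and the sample configuration are constructed for illustration; Include directives are not followed.

```shell
#!/bin/sh
# Added example: audit sshd_config text for password-style logins.
# audit_sshd_config FILE -> prints findings; returns 0 only if password
# and keyboard-interactive logins are both disabled. (Hypothetical helper.)
audit_sshd_config() {
    awk '
    BEGIN { pw = "yes"; kbd = "yes"; bad = 0 }   # OpenSSH defaults: both enabled
    {
        sub(/#.*/, "")                           # drop comments
        if (NF < 2) next
        key = tolower($1); val = tolower($2)     # keywords are case-insensitive
        if (key == "match") { in_match = 1; next }
        # ChallengeResponseAuthentication is the older alias of this keyword
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"
        if (in_match) {
            # a Match block overrides the global value for matching users/hosts
            if ((key == "passwordauthentication" ||
                 key == "kbdinteractiveauthentication") && val == "yes") {
                printf "FAIL line %d: %s enabled inside a Match block\n", NR, $1
                bad = 1
            }
            next
        }
        # global section: only the first occurrence of a keyword counts
        if (key == "passwordauthentication" && !seen_pw++) pw = val
        if (key == "kbdinteractiveauthentication" && !seen_kbd++) kbd = val
    }
    END {
        if (pw != "no")  { print "FAIL: PasswordAuthentication is " pw; bad = 1 }
        if (kbd != "no") { print "FAIL: KbdInteractiveAuthentication is " kbd; bad = 1 }
        if (!bad) print "OK: password-style logins disabled"
        exit bad
    }' "$1"
}

# Constructed sample: looks hardened at the top, but a Match block re-enables
# passwords for one account.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On the server itself, `sshd -T` prints the effective configuration and can be used to confirm the result.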