[BackupPC-users] Encryption?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all (again),

While playing with BackupPC, I realised that having a centralised 
backup server where all the important files are kept can represent a 
major security risk. If someone "roots" the backup server, the 
attacker has access to every important files in the business.

Wouldn't it be a good idea to use an encryption system so that only a 
particular user can restore their files. This could be done 
relatively easily using a public key system (PGP/GPG): every user has 
a private/public key pair. A copy of the user's public key is on the 
backup server. Before backuppc stores a file on disk, it encrypts it 
with the user's public key. The user's private key would be needed to 
restore the files.

It seems to me that it wouldn't break BackupPC's pooling mechanism as 
long as the md5 of the files are taken before they're encrypted.

I know that by having superuser access to the backup server, an 
attacker gets every computer smb/ssh password in backuppc's config 
file and will eventually be able to access every file anyway. But he 
still would have to connect to every computer and download the files; 
rather than having instant access to all of them.

I'm not sure if it's worth the trouble to implement. I'm sure that 
there would be lots of problems like "I had not backuped my private 
key" or "I backuped my private key with my other files using 
backuppc."

=46ood for taught...
GFK's
-- 
Guillaume Filion
Logidac Tech., Beaumont, Qu=E9bec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/      (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA