Up to this point I was using physical hard drives for backups, typically using dm_crypt as mentioned here. If online storage is used instead, and the provider cannot be trusted, how much should the security parameter of the encryption routine be increased (I'm always using an encrypted drive) so that recovering the contents becomes unfeasible?

This question approaches the same issues but considers the files to be encrypted by the backup provider and not the user.

Sebi
  • What kind of online storage are you talking about? – Neil Smithline Nov 28 '15 at 21:55
  • If the provider cannot be trusted don't forget to consider the risks applicable to loss of access (either as a result of accidental deletion/corruption or malicious encryption that prevents you accessing your data). – R15 Nov 29 '15 at 09:26
  • By "online storage" I believe you intend "cloud storage". If this is correct, I recommend you edit your question. – JaimeCastells Nov 29 '15 at 12:44
  • @Neil Smithline any storage that is not located on a physical drive I'm able to access. It can be a mounted file system on a VPS, a dedicated backup service provider or a cloud provider. – Sebi Nov 29 '15 at 12:52
  • @R15 Yes, that's true, I'm planning on using multiple providers just in case. – Sebi Nov 29 '15 at 12:53
  • @JaimeCastells While cloud storage is an online storage it is not the only means of storing backups online (see the comment above). – Sebi Nov 29 '15 at 12:55
  • Online vs offline is usually used to differentiate between storage that is accessible vs inaccessible. A hard drive plugged into the machine would be online, in other words. A hard drive disconnected and stored in a closet would be offline. – Xander Jan 28 '16 at 15:37
  • "mounted file system on a VPS" you're not planning on decrypting the fs remotely, are you? Because encryption only protects the data "at rest." Anyone working at the remote site could take a snapshot of the VPS while your drive is decrypted, for example. dm_crypt will only help if you're willing to copy the entire filesystem image locally, decrypt, add/update files, re-encrypt, and upload the image back to the provider. –  Jan 28 '16 at 18:12

1 Answer

If this is just about the bit length (and I couldn't find out anything about the Block Mode -- I'm just guessing "XTS") that you should use for AES (128, 192 or 256), then 128 bits should be enough.

Check keylength.com and put in a date far enough in the future for your needs.

StackzOfZtuff
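
Added example, not part of the answer above: a check of which AES key size a dm-crypt/LUKS volume actually uses, since with an XTS mode the reported master key is split in two and "256 bits" means AES-128. It assumes the LUKS1 `cryptsetup luksDump` text layout; the function names are hypothetical and the sample dump is constructed.

```sh
#!/bin/sh
# Added example: effective AES key size of a LUKS1 volume, read from
# `cryptsetup luksDump` text. Function names here are hypothetical.

# Constructed sample header dump (not taken from a real device).
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/sdX1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        256
EOF
}

# Reads a LUKS1 dump on stdin; prints "<cipher>-<mode> <effective key bits>".
# XTS splits the master key into a data key and a tweak key of equal size,
# so "MK bits: 256" with an xts mode means AES-128, and 512 means AES-256.
effective_aes_bits() {
    awk '
        function val(line) {
            sub(/^[^:]*:[ \t]*/, "", line)   # drop "Label:" and padding
            sub(/[ \t\r]+$/, "", line)       # drop trailing whitespace
            return line
        }
        /^Cipher name:/ { cipher = val($0) }
        /^Cipher mode:/ { mode = val($0) }
        /^MK bits:/     { bits = val($0) + 0 }
        END {
            if (cipher == "" || mode == "" || bits == 0) exit 2  # not LUKS1
            if (mode ~ /^xts/) bits = bits / 2
            printf "%s-%s %d\n", cipher, mode, bits
        }'
}

# Exit 0 if stdin describes AES with at least $1 effective key bits,
# 1 if weaker or not AES, 2 if the dump could not be parsed.
check_min_strength() {
    result=$(effective_aes_bits) || return 2
    case $result in aes-*) ;; *) return 1 ;; esac
    [ "${result##* }" -ge "$1" ]
}

sample_dump | effective_aes_bits   # demo on the constructed sample
```

On a real volume, pipe the output of `cryptsetup luksDump` for the device into `check_min_strength 128` before uploading the image to the provider.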