« Teaching John The Ripper how to Crack MD5 Hashes and more

Incremental Backups of Crypto Containers

Comments Published October 22nd, 2009 in security

If you want to backup your crypto containers, you have mainly two choices:
1.) Open the container on your machine and one on the backup server and than you can start with an incremental backup.
2.) You always transfer the whole crypto container.
From a security point of view it’s not acceptable to open a container on a remote host which is perhaps even not owned by you and of course you don’t want to backup a 1GB container after you’ve just added a small *.txt
Here, I’ll demonstrate how to do incremental backups of crypto containers without even once open them :)


# backup.sh
echo "Creating patch"
bsdiff disk_of_last_change.tc disk_to_work_with.tc patch.patch
echo "Move patch to server"
mv patch.patch serverSide
cd ./serverSide
echo "Use patch"
bspatch disk_on_the_server.tc disk_on_the_server.tc patch.patch
cd ../
echo "cleanup"
rm ./serverSide/patch.patch
rm disk_of_last_change.tc
cp disk_to_work_with.tc disk_of_last_change.tc

Unfortunately, this is not as fast as it could be, even if it’s much faster than transfering the whole container all the time but I also found a quiet strange way on how to improve the speed of the whole process. You can just use base64 encoding and the normall diff instead of using bsdiff because you can work much faster on plain text files than on binary files. Here’s how an example could look like:

# backup64.sh
#
# run once:
# base64 disk_to_work_with.tc > disk_of_last_change_64.tc
base64 disk_to_work_with.tc > disk_to_work_with_64.tc
echo "Creating patch"
diff disk_of_last_change_64.tc disk_to_work_with_64.tc > patch64.patch
echo "Move patch to server"
mv patch64.patch ./serverSide/
cd ./serverSide
echo "Use patch"
patch disk_on_the_server_64.tc patch64.patch
cd ../
echo "cleanup"
#rm disk_of_last_change.tc
#rm disk_of_last_change_64.tc
rm ./serverSide/patch64.patch
mv disk_to_work_with_64.tc disk_of_last_change_64.tc
base64 -d disk_of_last_change_64.tc > disk_to_work_with.tc

As you’ll see, the patches are slightly bigger than the ones with bsdiff but I think you can accept that when you get such a huge performance improvement by using the base64 version.

I know that I didn’t really explain everything but don’t hesitate to ask me if there are any questions :)

No Comments to “Incremental Backups of Crypto Containers”  

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply