On Saturday, 26 January 2008 22:58:01 +0000, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote : Sorry for the earlier private-only reply as Syöpheed Claws sometimes takes only the private maila ddress for replys. I always have to verify before sending which is something I'm not still used to do. > You want any backup drive physically removed and unconnected most of > the time or a PSU failure/nearby lightning strike will blow both the > original disk and backup disk to kingdom come at once. That's also a very good reason. Encryption is thought of as an add-on because the drives are rotated off-site. Since the drive are traveling, might as well add encryption. I ran some tests with dm-crypt and it's surprising how little overhead encryption incurs. In one instance, a 2GB copy to an encrypted partition was 1 second faster than to a regular partition (with machine reboots in between just to be sure no cache mechanism gets in the way). Add to that all the recurring news stories about laptops stolen or lost and some such involving lost data of various kind, encryption then makes a lot of sense. I guess there's no other way than having the password in clear text in a script. The script could be then be made readable only by root, everybody else gets a permission denied. That could perhaps suffice. Cheers, Al
