Backing up FreeBSD and other Unix systems securely

Kelly Jones kelly.terry.jones at
Sun May 17 16:13:00 UTC 2009

I tried using Mozy for backups because they offer unlimited space, but
1) they don't support FreeBSD, 2) they encrypt file contents, but NOT
file names, and 3) they don't do true versioned backups. Easy
workaround for 1): rsync to a Mac/Windows and backup from there, but
2) and 3) are more difficult.

My plan:

 % Use "dd if=/dev/random of=mykey" to create a random blowfish key

 % Blowfish encrypt mykey with a passphrase only I know. Backup the
 encrypted blowfish key to a remote host.

 % Keep track of when I last ran the backup program ("touch
 /some/path/timestamp" at start of run) and only backup files that've
 been modified more recently ("find / -newer /some/path/timestamp").

 % To backup "foo.txt", first bzip2 it and encrypt w/ my blowfish key.

 % Then, take the sha1 hash of the bzip'd/encrypted file, and backup
 foo.txt to remotehost:/some/path/{sha1 hash}.

 % To avoid too many files in one dir, I may backup
 b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 to
 for example.

 % In an SQLite3 db, record the filename I'm backing up, its
 timestamp, and its bzip'd/encrypted hash. Store an encrypted copy of
 the db on the remote server.

I like this plan because it does versioned backups, and doesn't backup
identical files twice. I dislike it because I lose Mozy's unlimited
disk space.


 % Does this plan seem secure and reasonable?

 % Will backing up the 0-byte file this way make it easy to guess my
 blowfish key?

 % Is there software that already does this?

 % Can this plan be improved?

 % Does anyone offer unlimited space for Unix backups?

 % Any general thoughts/comments on this plan?

We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.

More information about the freebsd-questions mailing list