On Thu, Dec 18, 2014 at 10:41 AM, wwp subscript@free.fr wrote:
I would rather work on single files or tars on directory basis. Using a single big file creates a very "large" single point of failure. Or use an encrypted file system (of course, also a single point of failure, but probably better handling).
The bad points with using an encrypted fs maybe in the OT case, is that to move the encrypted file to somewhere else, you need to move the hardware containing the fs :-(.
Which might be as simple as swapping a USB key or portable drive.
Also, it doesn't allow changing the encryption key very often. I think an encrypted fs addresses other security/confidentiality issues, but then the OT should be more precise about his needs/the context.
Yes, how the backup copies will be managed after encryption would have a lot to do with picking the most convenient approach. One thing that would be possible on an encrypted file system would be using a backup approach that stores multiple copies, de-dupinng unchanged files as you can do with rsync, rdiff-backup, backuppc, etc. Those can only work if the software involved sees the unencrypted files.