Conversation

Yet another reason backups should have proper cryptographic architecture.

Quote Tweet

Aug 15, 2021

A ransomware gang thing seen recently - exfil Veeam backups of VMs, rather than exfil data from servers. Why? Easier &quick - centralised. Less monitoring - 7-zip on servers also has performance impacts. Network traffic on backup servers already in terabytes daily, less visible.

Rich Felker

@RichFelker

Aug 15, 2021

I *so* want a lightweight (no heavy deps that limit what systems you can use it on) automated incremental backup system with proper cryptographic architecture, that can use arbitrary storage providers, local or remote, with no need to trust them.

Replying to

Cloud providers have much cheaper prices for long-term storage with a delay before retrieval. Full backups can be cheaper than incremental ones. S3 Glacier is $0.004 per GB and S3 Glacier Deep Archive is $0.00099 per GB. Both of those have up to a 12 hour delay before retrieval.

Replying to

I'm not sure how this relates to what I was looking for. Are you assuming incremental reads back from the backup? That's impossible in what I want because the backup is cryptographically append-only. Client has to track what was already backed up for incremental purposes.

Daniel Micay

@DanielMicay

Replying to

@RichFelker

The approach I'm using is taking atomic snapshots of the data, encrypting them with age using a public key and backing them up to long-term storage. It'd be possible to produce incremental backups locally but it's more complex and I'd want full backups at some interval anyway.

5:56 PM · Aug 15, 2021Twitter Web App

Replying to

and

i.e. SQLite or PostgreSQL online backups get dumped into a directory daily (at most 28 at a time) and a script encrypts those with age using a public key and uploads to an archive. Could use a certain one as a base and generate deltas from there but I'd be more worried about it.

Replying to

and

The client could somehow end up in a situation where it thinks it has uploaded something but something actually went wrong and then all the backups are screwed up until it switches to a new base. I'd just be a lot more worried about it if it wasn't doing full backups regularly.

Replying to

OK, but full backups just are not on the table at all for me. The bandwidth requirement alone would be longer than a reasonable backup interval and would essentially mean having no acceptable internet service, ever, because all bandwidth is occupied with backups.