Re: [Tails-ux] Backups of the persistent volume

Delete this message

Reply to this message
Autore: Lawrie
Data:  
To: flapflap, tails-ux
Oggetto: Re: [Tails-ux] Backups of the persistent volume
Flapflap

All your ideas sound good and I don't have the technical know-how to
judge the merits of them.

People are _always going to want to do backups_ and they should and with
Truecrypt gone and no user-friendly alternative I'm really afraid that
someone is going to make a backup by some very insecure method or place
and in the process completely loose all the security they had with Tails
(without knowing it maybe).

Thanks so much to you and your team for working so hard on such a
worthwhile project. We appreciate it.

So I will leave you all to keep up the good work.

Regards
Lawrie

PS Another advantage of a very pure clone is that someone can change the
cloned persistent partition passphrase ( need to document how to do
this) and then just deliver someone the clone with complete security.



On 19/12/2014 12:33 p.m., flapflap wrote:
> Lawrie:
>> The problem is just that though - it's technical .. and it has 10
>> steps. I think it's fair to say that this is just way beyond most
>> user's ability. Tails should be something that the very average dude
>> feels confident in using.
> You're right that it's very bad for usability and I also think that we
> had two different usecases in mind.
>
>> My idea to reiterate is just to _clone the whole complete memory stick -
>> from start to finish - with one click._ Then if you loose the first one
>> you have the second one. From a coding and security aspect it would
>> appear to be pretty simple - but there again I don't know much about
>> this sort of thing. Maybe it's not simple at all?
> As always there are multiple ways to achieve the same effect, but I'm
> also uncertain which one to choose.
> One could, for instance, make a 1:1 copy of all partitions on the USB
> stick (like when using dd), or make only a 1:1 copy of the (read only)
> Tails system, create a new encrypted partition, and copy/rsync the data
> from the old partition to the new one.
> In the first example, one would get two bit-equal USB sticks (including
> the encrypted partition with its passphrase-encrypted session key) and
> in the latter example, the USB sticks look different (new session key)
> but contain the same data (after the partition is unlocked).
>
> ~flapflap
>