[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Restore data transfer rate



On Fri, 14 Jan 2011 11:26:24 +0100, Mads Sülau Jørgensen <mads@sulau.dk>
wrote:
You would of course have to trust Amazon with your unencrypted data
and your encryption keys.

Hardly. You can disable swap (I think it disabled on most images by
default) and use a plethora of encrypted filesystems on your ephemeral
storage to avoid leaking any sensitive data. 
If you use reputable tools for decryption no keys should be retrievable.
Of course, you might argue that this being virtualization, Amazon could
potentially get to the bits anyway, but the opportunity window would be
vanishingly small, not to mention that there would have to be a reason why
your traffic/usage would attract attention of malicious system
engineers/snooping hackers in the first place. 

In other words, it is quite perfectly possible to get this thing
reasonably secure. Keep in mind, tarsnap itself runs on could computers.
You trust tarsnap already?