| [Security] Exclude open encrypted .dmg's from Time Machine Say you have an encrypted sparse disk image that you put your medical/banking or customer database into.
Why? Because you don't want curious types from browsing through them, or you don't want that information to be seen by Apple/3rd-party technicians if you ever have to take your Mac in for service.
Great so far, but what happens if Time Machine kicks in to do a backup while the disk image is decrypted/open? If your sensitive files are backed-up decrypted then it kinda defeats the purpose of encrypting them in the first place.
So, a few questions:
a) Does Time Machine refuse to backup an encrypted DMG when it is 'open'?
b) If it doesn't, does Time Machine only backup documents within the DMG if you are currently working with them? ie. say you are working with a Word document that's normally in the encrypted DMG - is just the Word document backed-up (plaintext or encrypted) and the other documents in the DMG not touched by Time machine?
c) Is there a hack that can force Time Machine to backup an encrypted DMG and its content *ONLY* if the encrypted DMG is closed? |
|
 HiVoltPremium
join:2000-12-28
Toronto, ON
kudos:12
 ·TekSavvy DSL
 ·TekSavvy Cable
| I'd venture a guess that you could add your mounted encrypted dmg volume to the "Exclude items" in Time Machine Preferences, therefore it would not back up any contents from it, but in theory it should back up the encrypted .DMG file itself.
Make a small encrypted .DMG with some files and test it this way.
--
GO LEAFS GO! |
|
DaemonPremium
join:2003-06-29
San Francisco, CA | reply to MaynardKrebs
AFAIK, time machine excludes detachable volumes from backups automatically. However, if it doesn't, follow the suggestion above.
--
-Ryan
I use Linux, OS X, iOS and Windows. Let the OS wars die. |
|
| reply to MaynardKrebs
I just had a look at time machine and my encrypted disk that I left open overnight. Time machine had done a backup, it does not back up the volume. |
|
| said by lobsterbucke:I just had a look at time machine and my encrypted disk that I left open overnight. Time machine had done a backup, it does not back up the volume.
So it didn't backup the open volume or any files in it?
Does it backup a closed volume?
I can't test this until tomorrow - left my Mac at a different location. |
|
HiVoltPremium
join:2000-12-28
Toronto, ON
kudos:12 Reviews:
·TekSavvy DSL
·TekSavvy Cable
| I don't see why it wouldn't, it's just like another file. (DMG)
--
GO LEAFS GO! |
|
DaemonPremium
join:2003-06-29
San Francisco, CA Reviews:
·Comcast
| reply to MaynardKrebs
said by MaynardKrebs:said by lobsterbucke:I just had a look at time machine and my encrypted disk that I left open overnight. Time machine had done a backup, it does not back up the volume.
So it didn't backup the open volume or any files in it? Does it backup a closed volume? I can't test this until tomorrow - left my Mac at a different location. I use an encrypted DMG for reasons similar to yours, and yes, time machine backs up the .dmg file regularly. In fact, it's a little bit annoying because if I change even one byte of one file in the DMG, the entire DMG will get backed up again.
--
-Ryan
I use Linux, OS X, iOS and Windows. Let the OS wars die. |
|
| said by Daemon:said by MaynardKrebs:said by lobsterbucke:I just had a look at time machine and my encrypted disk that I left open overnight. Time machine had done a backup, it does not back up the volume.
So it didn't backup the open volume or any files in it? Does it backup a closed volume? I can't test this until tomorrow - left my Mac at a different location. I use an encrypted DMG for reasons similar to yours, and yes, time machine backs up the .dmg file regularly. In fact, it's a little bit annoying because if I change even one byte of one file in the DMG, the entire DMG will get backed up again. Actually that's not such a bad thing for an encrypted dmg. One bad byte too many for the error-correction codes to correct can prevent it it from being opened, so having multi-generational copies around doesn't hurt. If you make it as a sparse DVD-sized image to begin with and it's only got 50Mb of data, then it'll only be 50Mb on disk. But yes, it can get to be a real pain and eventually costly to have *many* 4.3Gb or larger encrypted DMG's laying around in Time machine.
Thanks for the answers, everyone. |
|
