←back to thread

What I Would Do If I Ran Tarsnap

(www.kalzumeus.com)
801 points tnorthcutt | 1 comments | 03 Apr 14 16:33 UTC | HN request time: 0s | source
Show context
Nanzikambe ◴[03 Apr 14 18:06 UTC] No.7524756[source]
Interesting article. I'd actually not heard of Tarsnap before, one question (to those who use it), why would a geek use it over:

  tar -cf - / --exclude='/proc/*' --exclude='/dev/*' [..] | \
      xz -z | \
      openssl enc -aes-256-cbc -e -salt | \
      > /mnt/your/networked/google/drive/backup.$(hostname -a).$(date "+%Y%m%d-%H%M%S").aes.tar.xz
I spent a while going through https://www.tarsnap.com/ and I didn't find any flexibility tarsnap offers over it. To make it work unattended, it's trivial to generate a unique key per backup for openssl (use a tmpfs) and then gpg encrypt the key and email it to sys admins or whatever mailing list before killing the tmpfs.

I could understand the appeal to less tech savvy users if there were a gui, or it featured cross platform support beyond those supported by tar, <insert compression tool>, openssl/aespipe/gpg/<insert encryption tool>, or the storage was super cheap.

So what's the value proposition here?

replies(5): >>7524774 #>>7524790 #>>7524804 #>>7524909 #>>7525099 #
wglb ◴[03 Apr 14 18:10 UTC] No.7524790[source]
Not sure if you are deduping there.

He uses scrypt, not openssl/aes-256-cbc.

A few differences.

replies(2): >>7524848 #>>7524890 #
Nanzikambe ◴[03 Apr 14 18:22 UTC] No.7524890[source]
See my response to tomp - it is deduplicated.

Colin may be a crypto genius and his code extensively reviewed, but I'd wager more eyes have been cast over the openssl codebase than tarsnap.

replies(1): >>7526781 #
1. ◴[03 Apr 14 21:16 UTC] No.7526781[source]