QRecallDownloadIdentity KeysForumsSupport
  [Search] Search   [Recent Topics] Recent Topics   [Hottest Topics] Hottest Topics   [Groups] Back to home page 
Encryption -- QRecall vs. FileVault  XML
Forum Index » Beta Version
Author Message
Bruce Giles



Joined: 05-Dec-07 03:47
Messages: 95
Offline

I have not yet tried the new encryption feature in QRecall. My external backup drive was already encrypted via FileVault, and I would imagine that adding QRecall's encryption on top of that would be pointless, not to mention a performance issue. But I'm curious -- in terms of performance, how does QRecall's encryption (on an otherwise unencrypted drive) compare with FileVault? What are the reasons to choose one over the other?
James Bucanek



Joined: 14-Feb-07 10:05
Messages: 1546
Offline

I have never benchmarked FileVault, so i can't comment on its performance relative to QRecall's. I would expect, however, that they would be comparable. QRecall uses the encryption engine built into OS X, which is what I assume FileVault uses.

There are several aspects of QRecall's encryption that differ from whole disk encryption:

  • QRecall allows archives to be encrypted on volumes that don't support encryption.

  • Each archive has its own key. A single volume can contain multiple archives, each encrypted with a different key.

  • Other processes that have read access to the archive won't see any plaintext data.

  • An archive key is a completely random AES key, not derived from a password, so it has maximum entropy. This means that the encryption is stronger than the password (and immune to password crackers).

  • Because the key isn't based on a password, the archive's password can be changed without re-encrypting the archive.
  • This message was edited 1 time. Last update was at 05-Dec-15 20:40


    - QRecall Development -
    [Email]
    Ralph Strauch



    Joined: 24-Oct-07 22:17
    Messages: 194
    Offline

    As I read this,another difference between these two encryption methods occurs to me. With qrecall doing the encryption, the archive volume wouldn't need to be mounted on a Mac that could decrypt it -- specifically, the archive volume could be mounted on an Airport Extreme.

    When I started using Qrecall I used a single unencrypted archive drive mounted on the Airport Extreme that served my LAN, to back up both my iMac and MBP. When I decided to add a second drive and keep one offsite I encrypted both drives (using FileVault). I found that the Airport Extreme could no longer mount these drives because it couldn't decrypt them, so I had to keep the active backup mounted on the iMac. I don't know if similar considerations would apply to other forms of NAS or not.

    So I'm also wondering about switching over to Qrecall encryption. On the plus side I could shut down the iMac at night, or when it isn't used for several days. On the negative, it would probably take several days to decrypt and reencrypt each 1TB+ archive. Neither choice looks clearly dominant to me right now.

    This message was edited 2 times. Last update was at 05-Dec-15 23:08

     
    Forum Index » Beta Version
    Go to:   
    Powered by JForum 2.1.8 © JForum Team