Register /
Login
|
Desktop view
|
Beta Version
»
Encryption -- QRecall vs. FileVault
Author:
Bruce Giles
9 years ago
I have not yet tried the new encryption feature in QRecall. My external backup drive was already encrypted via FileVault, and I would imagine that adding QRecall's encryption on top of that would be pointless, not to mention a performance issue. But I'm curious -- in terms of performance, how does QRecall's encryption (on an otherwise unencrypted drive) compare with FileVault? What are the reasons to choose one over the other?
Author:
James Bucanek
9 years ago
I have never benchmarked FileVault, so i can't comment on its performance relative to QRecall's. I would expect, however, that they would be comparable. QRecall uses the encryption engine built into OS X, which is what I assume FileVault uses.
There are several aspects of QRecall's encryption that differ from whole disk encryption:
QRecall allows archives to be encrypted on volumes that don't support encryption.
Each archive has its own key. A single volume can contain multiple archives, each encrypted with a different key.
Other processes that have read access to the archive won't see any plaintext data.
An archive key is a completely random AES key, not derived from a password, so it has maximum entropy. This means that the encryption is stronger than the password (and immune to password crackers).
Because the key isn't based on a password, the archive's password can be changed without re-encrypting the archive.
Author:
Ralph Strauch
9 years ago
As I read this,another difference between these two encryption methods occurs to me. With qrecall doing the encryption, the archive volume wouldn't need to be mounted on a Mac that could decrypt it -- specifically, the archive volume could be mounted on an Airport Extreme.
When I started using Qrecall I used a single unencrypted archive drive mounted on the Airport Extreme that served my LAN, to back up both my iMac and MBP. When I decided to add a second drive and keep one offsite I encrypted both drives (using FileVault). I found that the Airport Extreme could no longer mount these drives because it couldn't decrypt them, so I had to keep the active backup mounted on the iMac. I don't know if similar considerations would apply to other forms of NAS or not.
So I'm also wondering about switching over to Qrecall encryption. On the plus side I could shut down the iMac at night, or when it isn't used for several days. On the negative, it would probably take several days to decrypt and reencrypt each 1TB+ archive. Neither choice looks clearly dominant to me right now.
Register /
Login
|
Desktop view
|