Personal info storage

HavocXphere

Hi guys

I'm thinking of setting up a personal info storage system (Everything - notes, birthdays, todo list, record keeping, bookmarks). Something that is:
  • Secure (as in encryption)
  • Redundant (as in backups)
  • Open source/free (as in fully under my control)

The last point in particular is of interest to me: Tools like Evernote are cool, but I'm not too keen on all the info being under someone else's control.

The implementation is the part I need some help with. I've got a fuzzy idea of how this might work, but it is well...fuzzy.

I'm thinking a self-hosted Wikimedia setup, initially running off a local Linux VM and eventually moved onto a VPS. The local one I can secure with some type of TrueCrypt setup & then just back up the encrypted file to some type of cloud, but once I move it to a server that becomes a bit more tricky...how do I get it to be easily accessible while still being fully encrypted? Some kind of SSH key (I have no experience with those)?

Stepping the fuzziness up a notch, some type of BitTorrent Sync would rock, but that's not open source. :o I suppose I could just set up a personal tracker.

Might sound like a bit of an overkill, but I feel that the amount of knowledge is increasing exponentially & whoever manages it best will have a significant & ever increasing advantage over others.

Any thoughts on the matter would be greatly appreciated (both technical & otherwise)
 
Interesting. XAMPP and Tikiwiki look good. Both 10+ years old so should be pretty reliable. Thanks

Any idea how one would move that to an external server (making it accessible from multiple devices) without messing up the security? (Being a noob at this, the chances of making a fatal mistake here seem pretty high.)
 
Any idea how one would move that to an external server (making it accessible from multiple devices) without messing up the security? (Being a noob at this, the chances of making a fatal mistake here seem pretty high.)

Not had to do this for a Tiki Wiki installation but for this type of application, usually back up your MySQL db using SQLdump and restore to the DB on the new server, then copy the Tiki Wiki application files to the document root (or a subfolder) on the new server. You'll probably have to make a couple of tweaks to config files (e.g. editing the database name and credentials or maybe some file paths).
 
Not quite what you had in mind but just a suggestion,

I use Keepass and here's why:

a) Secure - uses 256-bit AES encryption as well as a key file, which sort of makes it a 2 step authentication method,
b) Can save essentially anything from online passwords to documents (which you just attach to any entry) and/or images. I for example save the Google Authenticator images to set up accounts in mine so it's easy to set up accounts again when needed.
c) Multi-platform - runs on Windows, Linux, Android etc...
d) Can be run as a portable installation, i.e. on a flash drive, so very portable,
e) Redundancy - easy to set that up. I have a backup sync running every 2 hours which syncs the database file (which is secured) to a secure folder on Dropbox. Easy to access it then via mobile if needed as well as serving as a backup.

Just a suggestion, I know an online thing can be made secure but I'm way too paranoid for anything linked to the net...
 
A key file does not 2 step authentication make. OTP is a form of two factor.
 
A key file does not 2 step authentication make. OTP is a form of two factor.

Not the same as OTP I agree but still a second step and one which adds considerably to the security.

Without the key file you cannot open the database. The keyfile can be any kind of file and of any size. You can for example use a photo which is stored on your Google drive or Dropbox or a file on a flash drive etc....

So you need to enter the password and also be able to provide the correct file.
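
As an added illustration (not part of any post in this thread, and not KeePass's own code or file format): a simplified sketch of how a password and a key file can be combined into one master key, so that neither component alone opens the database. The function names, the PBKDF2 work factor and the sample inputs are assumptions constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this sketch
CHECK_LABEL = b"vault-check"  # constant that is MACed to test a candidate key


def composite_secret(password: str, keyfile: Optional[bytes]) -> bytes:
    """Hash each component on its own, then hash the concatenation."""
    parts = [hashlib.sha256(password.encode("utf-8")).digest()]
    if keyfile is not None:
        parts.append(hashlib.sha256(keyfile).digest())
    return hashlib.sha256(b"".join(parts)).digest()


def derive_master_key(password: str, keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Stretch the composite secret so that guessing passwords is slow."""
    secret = composite_secret(password, keyfile)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def create_header(password: str, keyfile: Optional[bytes]) -> dict:
    """Store only a salt and a check value, never the key itself."""
    salt = os.urandom(16)
    key = derive_master_key(password, keyfile, salt)
    return {"salt": salt, "check": hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()}


def unlock(header: dict, password: str, keyfile: Optional[bytes]) -> Optional[bytes]:
    """Return the 32-byte master key, or None if either component is wrong."""
    key = derive_master_key(password, keyfile, header["salt"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(check, header["check"]) else None


# Constructed sample inputs: a passphrase and stand-in bytes for a key file.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_KEYFILE = b"constructed stand-in for the bytes of a photo" * 64

if __name__ == "__main__":
    header = create_header(SAMPLE_PASSWORD, SAMPLE_KEYFILE)
    print("password + key file:", unlock(header, SAMPLE_PASSWORD, SAMPLE_KEYFILE) is not None)
    print("password only:      ", unlock(header, SAMPLE_PASSWORD, None) is not None)
    print("wrong key file:     ", unlock(header, SAMPLE_PASSWORD, b"other file") is not None)
```

In this sketch the key file acts as a second secret that is mixed into the key, so anyone who obtains a copy of the file holds that component.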
 
Not had to do this for a Tiki Wiki installation but for this type of application, usually back up your MySQL db using SQLdump and restore to the DB on the new server, then copy the Tiki Wiki application files to the document root (or a subfolder) on the new server. You'll probably have to make a couple of tweaks to config files (e.g. editing the database name and credentials or maybe some file paths).
That's not quite what I'm asking. I'm pretty sure I can get it running on a server (after some battling). It's the security that's the issue. I don't think I have the necessary skill to make it both A) Work conveniently B) Secure.

If I set it up with some kind of password / access control, then I run the risk of it being insecure (on server security there are too many "unknown unknowns" as it were for me).

If I encrypt it then I lose all convenience & might as well keep it local.

I suspect there is no good answer to the above - not without wild server security skills anyway.

I'll have a look at it, but I'm a bit wary of it tbh. I'm pretty sure I'll still somehow be dependent on them (else they wouldn't charge monthly for it). I'd really like to minimize using any ready-made online offerings - I'm just sick of being blindsided by companies with shifting policies driven by their own agenda (profit). e.g. Today I learned Ghostery sells data to ad companies (on a very limited basis but still).

hmm...I like the sync'ing an encrypted file angle. Think I'll go for TrueCrypt though - that gives me the option of 2 factor auth. This plan means no bigger files though - else TC will cause a full & massive resync every time I change something.

I know my uncle runs his life with textfiles & grep. :D Starting to look mighty appealing.

Does anybody recall what that sync-friendly TrueCrypt clone was called?

A key file does not 2 step authentication make. OTP is a form of two factor.
Neither are two factor afaik. You'd need to add a password to each, then both are equally valid two factor auth (knowledge + possession).


Thanks for all the input so far guys.
 
Here's how I would do it:


Set up a server / VPS with your favorite OS and set up encryption so that if it gets stolen (very unlikely, if it's in one of the bigger DCs in our country) the thieves can't do much with it.
Then either set up a web server (Apache + PHP + MySQL), webDav (or any other similar daemon / protocol) and add some security. Only use SSH and HTTPS for your connections.

From here you can do whatever you like. If you need to access "it" from multiple devices, but don't have the time / knowledge to write your own "clients" (like Evernote or Dropbox for example), then a web based solution might be quickest to set up. Which app you use is entirely up to you.

SugarCRM will do most of what you want, and some more if you need to.
eGroupware is similar and a bit easier to set up.
eyeOS can give you a whole OS via a web browser if you need it.
 
Neither is two factor?
One of us is thoroughly confused I think...

Two factor. Emphasis on the two. OTP in itself is just one (well technically possession of the key fob is the factor, not the OTP). Add a password and you've got two factors. See wiki definition of "two factor":

Two-factor authentication is often confused with other forms of authentication. Two-factor authentication requires the use of two of the three authentication factors.
Something the user knows (e.g., password, PIN, pattern); <<<<Password
Something the user has (e.g., ATM card, smart card, mobile phone); and <<<<<Token/key fob
Something the user is (e.g., biometric characteristic, such as a fingerprint).

https://github.com/MatthewSteeples/rsync.net

And just write your own encryption wrapper over it.
Ah that's cool - didn't realize it's open source. Will look into it. Thanks.

Sounds good - not sure I've got the skill to pull it off though tbh.
 
What you want to do is actually pretty simple to write.

And yes two factor is obviously two separate auth mechanisms. Exactly what wiki says or you can go a third level and have biometric finger print ident (we recently did this).

https://www.sugarsync.com/ Not free but can give you ideas.
 
What you want to do is actually pretty simple to write.
hehe. Says the programmer to the finance guy. :D I can program, but something like a genetic algo is already at the edge of my ability so your idea of "simple to write" might be different from mine. :)

No but seriously I'll have a good look at all the options present - I've got an important exam coming up so everything is on hold for a week or so though.

Found this too:
http://www.ghacks.net/2013/03/27/cryptsync-upload-only-encrypted-files-to-online-storage-services/

Thanks again for all the cool responses.
 