I’ve been using veracrypt for the past 4 years to create container files in everything from thumb drives to external hard drives. After upgrading one of my backup drives, I decided that I will switch to a different filesystem altogether going on, from ntfs to ext4, since I havent really used windows in those 4 years. With the reasoning behind using veracrypt and ntfs in the first place being for compatibility, should I switch to LUKS? Veracrypt is dramatically more feature rich but I dont really take advantage of those. I just encrypt my drives in case of burglars and other unwanted eyes. I do already have a disaster plan in place so I would have to do a total overhaul of things, but I’m not sure if this is a wise decision. My gut says no but what do you think? What would I gain?
Edit: shouldve added that these drives are for warm storage for my weekly manual backups of files.
Edit 2: the general opinion is to use a tool that supports encryption but I dont really feel comfortable with that but do appreciate it. It’s just I’ve been manually updating my backup drives for a while now and like how simple my routine is. Think my decision is to just stick with veracrypt but format every future drive (including a new one I ordered) as ext4. My current drives wont be reformatted in order to reduce unnecessary wear on them. Thank you all for your help
Take a look at https://borgbackup.readthedocs.io/en/stable/
deleted by creator
LUKS with LVM is probably what you want to encrypt your “hot” drives with. As for the actual backups, Borg and Duplicacy are great. I personally prefer Duplicacy as I find it much more polished, but Borg is great too. Both include encryption options.
If you’re concerned about recovering data, you should try recovering now. Make sure your backups are actually working and you can properly recover. You don’t have backups unless you test them.
I’d choose LUKS over Veracrypt for simplicity. If the drive is solely for backup, depending on the backup tool you use, you might not even need encryption on the file system level. Several backup solutions support data encryption.
The only change I would recommend looking at is using a backup tool like restic, which can encrypt and also provide snapshots. Restic (and ilk, I’m sure) also deduplicate incremental backups, can compress, and (restic, at least) can mount snapshots. That last feature has been so helpful to me, because it allows easy access to individual files in a snapshot.
Restic also supports a number of cloud storage backends, like BackBlaze, which makes offsite storage hella easier than carting physical media around.
There are a couple of these sorts of tools, and while I’m most familiar with restic, I’d guess they have similar capability. I’d suspect using one would simplify your set-up.
LUKS is a great option, but as someone who was in your exact shoes, and went from TrueCrypt to VeraCrypt to LUKS, I eventually landed on ZFS.
It’s just so, easy. Make an encrypted Zpool on your main /storage disk. Assign a /storage/documents (or whatever you want), Make another Zpool on your /backup disk, and use zfs snap and send to copy only the bit level data that changes.
So fast, so little disk access, and you can manage snapshots. There is even copy-on-write meaning file recovery is easy, too. I use it to send over SSH to a remote server, too.
If this is for live disks or mirrors (not backup), LUKS is reasonable. Backup is different from mirroring since one of the things it protects you from is accidentally deleting files. If you delete a file from your main drive, it also disappears from the mirror drive, so mirrors are not backup. For encrypted backup, I’ve been using Borg backup which is quite well thought out, though confusing at first. The backups go on a remote server which is ok since they are all encrypted.
