Cryptosmith

Cyber and security architecture, not bitcoins

Backing Up OS X with Mirrored Encrypted RAID

BombComputing technology is insanely reliable when you look at statistical error rates. Hard drives read and write trillions of bits while rarely producing a reportable error. But when you want some data to live forever (like family photos or critical business records), even an occasional error is a problem.

I’ve been using OS X and Time Machine for at least a decade now. I rely on RAID 1 “mirrored” backups. In other words, my Time Machine storage contains 2 separate hard drives. Everything is written to both of them. If one fails, I replace it with a new one, and rebuild from the good drive.

I also like to encrypt my hard drives. OS X provides convenient and capable hard drive encryption, but it doesn’t play well with the OS X RAID service. I’ve found it best to use an external RAID enclosure which handles the mirroring. I let OS X handle the crypto.

I used to rely on OS X to do both the encryption and the RAID. There are ways to set this up using shell commands to the OS X Disk Utility. Then I upgraded from an aluminum Mac Pro tower to an iMac, and moved my Time Machine drives to an external RAID enclosure.

Then I outgrew the enclosure.

How not to do backups

I bought a cheap external drive housing to handle a larger hard drive. I connected the old enclosure (with a pair of disks simulating a larger one) and the new housing. I had to go back to OS X RAID to do the mirroring. I then found an updated set of directions to configure both RAID and encryption on the same OS X volume. This worked, but not completely.

The hard drive died in my iMac. This was a known problem that Apple fixed for free. The guys in the Apple Store were astonished that I had a backup – an old guy with an easy to use computer, carried in wrapped in a dog bed. It took them a couple days to put a new, but erased, hard drive.

OS X makes it very easy to restore an erased hard drive, especially if you use Time Machine. You plug the drive into the repaired – though empty – computer, and type Command-R as you restart the computer. This starts OS X Recovery, which gives you several choices for recovering a disabled computer. I selected “Restore from Time Machine.”

This is where the RAID + crypto caused trouble. The recovery software prompted me for my encryption passphrase. I supplied it. Then it asked again. And again.

I used another Mac to confirm that I’d remembered the correct passphrase.

To recover, I had to decrypt the encrypted drive and then use it in OS X Recovery. It seems that the OS X Recovery software can’t handle the same complexity as the full OS. Even though there’s a way to make the OS combine RAID and encryption, the Recovery software isn’t sophisticated to keep up with is.

Resolution

After I decrypted the encrypted backup and restored the computer, I bought myself a brand-new RAID enclosure. The new one handles the largest drives I can get and will automatically mirror the backups. I tell OS X to encrypt the backup, and everything works fine.

Favorite Posts

Memory Sizes: kilo mega giga tera peta exaOctober 18, 2013
SCI//HCS-P/SI/TK at Mar-a-LagoJune 4, 2023
Stream Cipher Reuse: A Graphic ExampleMay 31, 2008
Password Hashing and CrackingMarch 26, 2021
Kilo mega giga teraOctober 19, 2013
Security Design PrinciplesOctober 19, 2013

ACSAC Android Apple attacks authentication Bitcoin Boak Calibre certificates CIA properties classified Clinton cloud computing Coursera CPU cracking crypto cybercurrency databases design principles domain names Drupal ebooks elections email encrypted messages evaluations file systems flaws Ft. Meade GUI history iOS iPhone KGB Kindle library malware memory sizes Microsoft mobile security MSSE Multics NSA NSTISSI 4011 OPDS passwords phishing President quantum Quizlet RAM risks secrecy spam SSL stream cipher TCSEC Top Secret training Trump UMN video Wordpress xor