goglorieux@hotmail.com wrote:
> 1. Backup file is 256-bit encrypted
AES 256, Serpent-AES, ... nice.
> 2. Transfer via regular ftp
Very dangerous. Clear passwords open your system to the attackers. You
are careful today. What about tomorrow? If your system gets compromised
you are dead. Imagine you are boxing.
> 3. Store on the server used for my web hosting in a password protected folder
Very, very dangerous. First, you want to separate your backup machine
from your web server, since a hacker will, as a first step, attack your web
server, almost by instinct. Try to never give an attacker an advantage.
Even if your data is encrypted, it is safer to keep it away from
the sharks, because once the encrypted data is stolen the need for an
attacker to steal the encryption key becomes urgent. Secondly, every
time you are asked for a password be skeptical, because passwords, if
not random, are very weak.
> Some of the options I've considered
> 1. Transfer via SSL ftp transfer: but if the file transferred is
> already encrypted, does an SSL transfer add any value?
At least it doesn't hurt.
> 2. I suspect a password protected web folder can rather easily be
> cracked, however, the backup file being 256-bit encrypted, how likely /
> easily can this be cracked?
Are you sure you will never decrypt, even temporarily, your data to
this folder? Are you sure an attacker can't get out of this folder once
inside?
Kind regards
Ludovic
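The point about clear passwords on regular ftp, and what an SSL ftp login changes even when the backup file is already encrypted, can be checked against a client session log. The following is an added example, not part of the original message; the transcripts, account name and password are constructed, and the "C:"/"S:" log format is an assumption.

```python
import re

CMD = re.compile(r"^C:\s*(\w+)\s*(.*)$")    # client command line
REPLY = re.compile(r"^S:\s*(\d{3})")        # server reply code

def exposed_on_wire(transcript):
    """Return the USER/PASS commands a passive eavesdropper could read."""
    tls_pending = tls_on = False
    exposed = []
    for line in transcript:
        reply = REPLY.match(line)
        if reply:
            if tls_pending:
                # 234 is the server accepting AUTH TLS (RFC 4217);
                # any other reply means the channel stays in clear text.
                tls_on = reply.group(1) == "234"
                tls_pending = False
            continue
        cmd = CMD.match(line)
        if not cmd:
            continue
        verb, arg = cmd.group(1).upper(), cmd.group(2)
        if verb == "AUTH" and arg.upper().startswith("TLS"):
            tls_pending = True
        elif verb in ("USER", "PASS") and not tls_on:
            exposed.append((verb, arg))
    return exposed

# Constructed session logs (all values are made up for this example).
LOGIN = ["C: USER backup", "S: 331 Password required",
         "C: PASS example-secret", "S: 230 Login successful",
         "C: STOR backup.aes", "S: 226 Transfer complete"]
PLAIN_FTP = ["S: 220 ready"] + LOGIN
EXPLICIT_FTPS = ["S: 220 ready", "C: AUTH TLS", "S: 234 Proceed"] + LOGIN
# Failure mode: server refuses TLS and the client logs in anyway.
SILENT_FALLBACK = ["S: 220 ready", "C: AUTH TLS",
                   "S: 502 Not implemented"] + LOGIN

if __name__ == "__main__":
    for name, log in [("plain ftp", PLAIN_FTP),
                      ("explicit ftps", EXPLICIT_FTPS),
                      ("tls refused, fallback", SILENT_FALLBACK)]:
        print(name, "->", exposed_on_wire(log))
```

The third transcript is the case to watch for in practice: a client that continues after a refused AUTH TLS exposes the same credentials as regular ftp, so the client should be configured to abort instead.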