Duplicacy change encryption password
11/13/2022

Snapshot for each volume that contains files to backup. On Windows, the --use-fs-snapshot option will use Windows’ Volume Shadow Copy Processed files and not the transferred data. If you don’t pass the --verbose option, restic will print less data. Some of the data was duplicate and restic was able to efficiently reduce it. It also tells us that only 1.200 GiB was added to the repository. Size of the files and directories in ~/work on the local file system. You can see that restic tells us it processed 1.720 GiB of data, this is the Hexadecimal characters, 40dc1520 in this case.

```
Open repository
enter password for repository:
password is correct
lock repository
load index files
start scan
start backup
scan finished in 1.837s
processed 1.720 GiB in 0:12
Files: 5307 new, 0 changed, 0 unmodified
Dirs: 1867 new, 0 changed, 0 unmodified
Added: 1.200 GiB
snapshot 40dc1520 saved
```

As you can see, restic created a backup of the directory and was pretty fast! The specific snapshot just created is identified by a sequence of

But I’d still say that, overall, the keyfile scenario is much safer in situations where the attacker has the password and just as safe in situations where the attacker has the keyfile.

But again, I am not a crypto expert, so I stand to be corrected.

```
$ restic -r /srv/restic-repo --verbose backup ~/work
```

So that could lead to a wrong sense of security. This latter bit is the only tricky part I can see in this particular comparison: it’s tricky because the user has to understand that even when the archive password has been changed, the old password will still work in combination with the old keyfile. create a new keyfile) and destroy all copies of the previous one. the password alone is not enough, the attacker also needs to find your keyfile. In the keyfile scenario, you have two advantages: 1.
In the current situation that means your data is gone as soon as the attacker gets access to the archive and there is absolutely nothing you can do about it (your only escape route is to better hide the archive or delete it). To drive that particular comparison even further, let’s look at a situation where the attacker has the password (but not the keyfile). How does that make it easier for him/her to get access to my data (compared to the current situation)? The missing piece in both cases is the password, isn’t it? Let’s say an attacker gets their hands on the keyfile. The keyfile would also be stored on the remote destination, making it easy for an attacker (or a broken disk).

I would guess, for example, that in the business context, it might be important to be able to change the password (e.g. So perhaps the question is not so much about more or less security but what kind of security. command line) version of this can be implemented without too much effort, I would like to suggest that it should be moved up the priority list a bit, simply because making password change possible already now would save so much hassle of downloading and reuploading huge archives in the future.

Another thought: I would say that the possibility to easily change the password for the entire archive also has security benefits compared to the current situation where this is not the case. where the user knows that to access the archive, two things are needed: passphrase and keyfile. A double auth backup would be one with a keyfile, i.e. Perhaps this could be achieved by letting the user choose between a single-auth and 2-auth backup, when creating a new backup job: A single authentication backup is what we have today. So, as has been pointed out in the Google Groups discussion, the challenge is to find a way to create that kind of awareness also with respect to the Duplicati key file. backs it up) because it also holds lots of other passwords.
The difference is then that the user knows about it and treats it with greatest care (e.g. If these are reasonable assumptions, what exactly is the difference to the keyfile scenario? It seems to me (but I’m by no means a crypto expert) that the password manager also constitutes a single point of failure. The most popular storage place is probably a password manager. Since the passphrase is long and cannot be changed, it has to be stored somewhere outside the user's brain. So let’s take a more detailed look: what current situation are we comparing the keyfile scenario with? Single point of failure, yes, but is it a disadvantage? “Disadvantage” implies that it makes the situation worse than it is now and since the current situation can look different, depending on what (type of user) you have in mind. It has the disadvantage that you have a really important intermediate file, giving a single point of failure.