Going to upload my files to a b2 bucket can I rely just on the Duplicati encryption or do I need to use veracrypt or cryptomator?
Hello
Duplicati includes encryption libraries. By default it uses AES-256. What you need is to remember to save the passphrase in a secure place.
I donāt know if Duplicati even has an upper limit but even a 256 char password passes its validation. That should help you out too. Need a password manager to manage that length. You donāt need that high but then again since it allows it and you never know.
It depends on your desire for extreme security, however there is probably an operational cost for that.
Correct me if Iām wrong, but neither of those other methods will allow simple restore of individual files.
With Veracrypt, youād back up your container. With Cryptomator, the file names are encrypted as well.
Iām assuming youāre aiming for some extra backup gain, as opposed to backing up the clear-text files.
Duplicatiās AES-256 is done by its own SharpAESCrypt code, which follows the AES Crypt file format.
GNU Privacy Guard is used by some people, for reasons I canāt fully detail. It does take more setupā¦
For ordinary security, Iād think AES-256 with a good long passphrase (to stop brute forcing) is enough.
If you pick an extraordinary length, you might want to make sure other tools (e.g. AES Crypt) can do it.
tl;dr
At present, there is no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES when correctly implemented.
I canāt speak to how ācorrectly implementedā the Duplicati engine is but I have to expect that after 14 years, if something was notably off, it probably would have come up at some point. Still, it is in beta and hasnāt had a formal security audit (to my knowledge), so who knows.
For myself, Duplicati encryption is a bonus that should stop most people that stumble upon a backup set but at the end of the day itās no guarantee.
As far as I can tell the length of an AES key (passphrase) can, in general be any length of bytes long. In the case of Duplicati I cannot see a defined limit in a cursory glance at the code base but it is late and could have easily missed a line or sixā¦
The passphrase length limit (if there is one) is quite high, Iām able to use a 2640 character passphrase, which is probably a pinch overkill but good to know you could, if you really wanted to I guess.
No particular reason for 2640 length, just happens to be when I stopped pasting characters into the test string.
1 Like