Encryption program necessary?

Going to upload my files to a b2 bucket can I rely just on the Duplicati encryption or do I need to use veracrypt or cryptomator?


Duplicati includes encryption libraries. By default it uses AES-256. What you need is to remember to save the passphrase in a secure place.

I don’t know if Duplicati even has an upper limit but even a 256 char password passes its validation. That should help you out too. Need a password manager to manage that length. You don’t need that high but then again since it allows it and you never know.

It depends on your desire for extreme security, however there is probably an operational cost for that.
Correct me if I’m wrong, but neither of those other methods will allow simple restore of individual files.

With Veracrypt, you’d back up your container. With Cryptomator, the file names are encrypted as well.
I’m assuming you’re aiming for some extra backup gain, as opposed to backing up the clear-text files.

Duplicati’s AES-256 is done by its own SharpAESCrypt code, which follows the AES Crypt file format.
GNU Privacy Guard is used by some people, for reasons I can’t fully detail. It does take more setup…

For ordinary security, I’d think AES-256 with a good long passphrase (to stop brute forcing) is enough.
If you pick an extraordinary length, you might want to make sure other tools (e.g. AES Crypt) can do it.



At present, there is no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES when correctly implemented.

I can’t speak to how “correctly implemented” the Duplicati engine is but I have to expect that after 14 years, if something was notably off, it probably would have come up at some point. Still, it is in beta and hasn’t had a formal security audit (to my knowledge), so who knows.

For myself, Duplicati encryption is a bonus that should stop most people that stumble upon a backup set but at the end of the day it’s no guarantee.

As far as I can tell the length of an AES key (passphrase) can, in general be any length of bytes long. In the case of Duplicati I cannot see a defined limit in a cursory glance at the code base but it is late and could have easily missed a line or six…

The passphrase length limit (if there is one) is quite high, I’m able to use a 2640 character passphrase, which is probably a pinch overkill but good to know you could, if you really wanted to I guess.

No particular reason for 2640 length, just happens to be when I stopped pasting characters into the test string.

1 Like