[Borgbackup] Scenario: Paranoid situation goes wrong
Melkor Lord
melkor.lord at gmail.com
Fri Sep 30 19:35:35 EDT 2016
On Fri, Sep 30, 2016 at 3:42 AM, Thomas Waldmann <tw at waldmann-edv.de> wrote:
> Let's say I'm really paranoid so I mirror everything within the repo(s)
> > but the "config" file
>
> The key in the config file is encrypted with a key derived from your
> passphrase, so just include it if you use the repokey method (default).
>
Yep but it defeats the purpose of the scenario which is not giving
opportunity to a third party to try brute-forcing the password by having
everything available.
> Alternatively, use the keyfile method, then the key will sit on your
> local filesystem - and you need to backup it separately.
>
I'll use a mix of these solutions. I'll mirror the repo to the FTP space,
without the "config" file and I'll backup it separately to make sure it's
always available even after a big disaster.
> > Now, sh*t happens! My server gets trashed for some reason and I get a
> > new one or new disks. Of course, I "forgot" to save the "config" file...
>
> If you lose the key, you lose your backup.
>
Which is exactly what I want for the prying third party eyes ;)
> > Ok but I miss the "config" file! How do I generate it back? Of course, I
> > still know the passphrase :-)
>
> The passphrase is only used to decrypt the key. It is not the repo
> encryption key itself.
>
Ok got it. Borg is definitely nice.
--
Unix _IS_ user friendly, it's just selective about who its friends are.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/borgbackup/attachments/20161001/f56addf8/attachment.html>
More information about the Borgbackup
mailing list