Re: [Duplicity-talk] Encryption password selection

[Duplicity Mailing List]

On 09/12/14 15:31, Cláudio Gil wrote:
> Hi,
> 
> First, for me "secure" means "inability of others to decrypt the volumes
> in the remote storage". So, I was not trying to start a public-key vs
> symmetric debate. I was basically curious if, by using a RSA key pair,
> the remote volumes would be harder to decrypt for "equivalent" bit
> lengths (for example AES 128 and RSA 4096). 

You may want to go for AES256, not AES128, for the encryption and SHA512
for the signature in that case.

As for the keyfile verses passphrase, I would still recommend the
keyfile, there's quite a few reasons for this, but here are two more:-

1. Each time you encrypt something, the symmetric key will be different
(As it's randomly generated at the time of encryption). This randomly
generated symmetric key will be used to encrypt the data for the current
session, then will be encrypted using the public key for the asymmetric
key. This means if someone was able to crack the symmetric key
(Doubtful), they'd only have access to that small segment of data.

2. RSA keys, as said before (by both myself and Edgar), are generated
using random data collected from your computer, such as your mouse
movements, keyboard presses, network I/O, disk activity, etc... We
assume that it's harder to predict the above than it is to predict what
a user thinks of in their head.

Google has a huge amount of data on this, I recommend you Google around.
I can't really convince you one way or another. It's up to you.

> The backup system (where duplicity resides) has access to the plain
> files that are being backed up and is physically near those files. This
> means that if the system is compromised (my home) the encryption is
> irrelevant.

Although true, it also means that the attackers would have access to the
full history of files, not just the most recent versions.