From 4ec2bb83877d54ea78a7db297c056b25e3c48928 Mon Sep 17 00:00:00 2001 From: Thalian Date: Sun, 9 Aug 2020 12:18:45 +0200 Subject: [PATCH] docs: Add FAQ discussing choice of encryption mode, fixes #5285 --- docs/faq.rst | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/docs/faq.rst b/docs/faq.rst index 1fcae6ecc9..c059c3224b 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -606,6 +606,43 @@ into the repository. Yes, as an attacker with access to the remote server could delete (or otherwise make unavailable) all your backups. +Which encryption mode is the safest / should I choose? +------------------------------------------------------ + +This question is impossible to answer in a simple way, because there is a bunch +of different aspects that need to be considered. Availability, confidentiality +and integrity take influence on how complex or comfortable your backup process +can be designed. + +1. Do you want full automation? + +If you choose password protection for encryption keys, you will have to store +the plain password somewhere for fully automated backups. If you have several +backup repositories, it is generally safer to have individual passwords. + +2. Do you trust the backup server? + +In repokey mode the key is stored in the repo and could be stolen by an +attacker. In keyfile mode the key never leaves the backup client. + +3. Do you trust the backup client? + +In keyfile mode the key is stored on the client and could be stolen by other +users. Password protection makes stealing the key useless. + +4. Can you afford to loose the backup repo? + +Can you restore a corrupted or lost repo? If not, there is no point in storing +the keyfile on the client separate from the repo. + +5. Do you mind securing your keyfile? + +If you loose your keyfile, the backup repo is lost. You may not want to store +copies of the key at other places and choose repokey mode. + +The safest choice may be password-protected keyfile mode running interactively +and storing the keyfile on USB stick. + How can I protect against a hacked backup client? -------------------------------------------------