I would like encryption for home because the backups are stored externally.
Because I am my own admin and the computers being backed up belong to me,
I wouldn’t mind having either a single pass for all the clients or one per client or user.
Personally I wouldn’t mind a “rough” storage encryption that wouldn’t cover, for example, metadata and the folder tree, as long as file names are encrypted.
My understanding is that it’s not much more difficult to encrypt file names than file content. Interesting data can still be extracted from the file names, for example to try to attack a special file, whereas knowing that one folder contains a lot of files and another one very few wouldn’t help an attacker too much.
Actually even rot13 for file names and file content would protect against a brute scan of the files from a bot/worm.
Thinking about it, where to place the decryption key is slightly annoying.
To be done well, it would need to reside on the client and not on the server.
Then this causes a ton of complexity; however, the main issue is basically bots or script kiddies that, even given access to the server, wouldn’t be able to do much if their tools don’t support UrBackup decryption.
Another issue is that the storage is remotely hosted and can be looked at by the host, but again I think simple encryption is enough.
Another issue is that the admin can read the user’s files, but solving this creates its own pitfalls.
In case the key is per user or client:
Maybe the key needs to be sent to the user by email in case the server has to be restored from scratch, so as to make sure he received it at least once.
Eventually add an option to allow the admin to restore in case the user lost their key.
Because users wouldn’t care about not losing their key until they realise that they need it for restore.
For inter-client dedup and different users having access to different clients, I wonder how that could work. Like gpg can encrypt for multiple recipients, but if you give access to a user after a backup, he wouldn’t be able to decrypt previous ones. Or maybe make a group key that can decrypt the backups and allow many users to decrypt that group key.
And if it’s possible to encrypt for different users, maybe it’s also possible to dedup between clients.
I wonder how much additional dedup occurs between clients (30%?). So I am not sure if the tradeoff for supporting it would be that bad.
If encryption is implemented, if possible please add an encryption type as metadata for each backup.
So that it becomes possible to switch from some heavy PGP thing to a fast rot13 one in case I realise that there is a CPU issue, without having to scratch all the backups for that client.
… that was long
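
Added example, not part of the original post and not UrBackup code: a sketch of the group-key idea raised above, where backups are encrypted once under a group key and that key is stored wrapped under each member's own key, so a user given access after a backup can still restore it. It assumes per-user 32-byte symmetric keys; all function names are hypothetical, and the SHA-256/HMAC construction is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _keys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as a keystream: a stdlib-only stand-in cipher.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC; a real deployment would use AES-GCM or ChaCha20-Poly1305.
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Verify the tag before decrypting; a wrong key fails here.
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return _xor_stream(enc_key, nonce, ct)

def create_group(owner, owner_key):
    # Backups are encrypted with group_key; each member stores it wrapped under their own key.
    group_key = os.urandom(32)
    return group_key, {owner: seal(owner_key, group_key)}

def grant(wrapped, sponsor, sponsor_key, new_user, new_user_key):
    # An existing member unwraps the group key and re-wraps it for the new member.
    wrapped[new_user] = seal(new_user_key, unseal(sponsor_key, wrapped[sponsor]))

def restore(wrapped, user, user_key, backup_blob):
    # Unwrap the group key with the user's key, then decrypt the backup with it.
    return unseal(unseal(user_key, wrapped[user]), backup_blob)

def demo():
    # Constructed sample: "user2" is granted access only after the backup exists.
    admin_key, user_key = os.urandom(32), os.urandom(32)
    group_key, wrapped = create_group("admin", admin_key)
    backup = seal(group_key, b"constructed sample file content")
    grant(wrapped, "admin", admin_key, "user2", user_key)
    return restore(wrapped, "user2", user_key, backup)
```

Removing a member later only deletes their wrapped copy; anyone who already unwrapped the group key keeps access to existing backups unless the group key is rotated and the data re-encrypted.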