Re: [Duplicity-talk] Encryption password selection

[edgar . soldin]

On 08.12.2014 18:08, Yves Goergen wrote:
> For duplicity 0.6.23 (Ubuntu 14.04), what are the recommendations for 
> selecting an encryption password? I can't find any information about how it's 
> even used and what requirements (minimum/maximum length, allowed characters) 
> there are.

for symmetric encryption passphrases anything from length of one character up 
should work.

consult your favorite search engine for suggestions on how to choose "strong" 
passwords/-phrases.

> Also, I've never seen a system encrypting and signing data with a password 
> only (no key file involved), 

that's because that is not possible. signing is always done with keys.

>and now I've read that duplicity also signs the backup volumes and can detect 
>changes to it. 

well, it'll warn you if that's the case. there is no strong error because of 
that.

>Is that true or have I misunderstood something? 

yes, you can encrypt symmetrically and sign the result with a key.

>I only know GnuPG with keys, not with passwords only.
> 

duplicity uses gpg command line binary internally, so theoretically anything 
that's possible with gpg duplicity can do as well.


..ede/duply.net