restic cryptography

Submitted by Style Pass, 2021-06-11 11:00:08

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups.

I keep hearing good things about restic. I am redoing my storage solution, and restic seems to tick all the boxes for my personal backups:

Today I have to wait a couple hours to get a passport (I'm Italian, this involved rolling dice for Charm Person) so I figured I would have a look at it.

Important: this does NOT qualify as a professional audit, nor am I endorsing restic's encryption beyond "I looked at it in a noisy waiting room for an hour I guess".

This post also does not attempt to fully explain all the cryptography it mentions, so if you find something particularly curious, confusing, or fascinating do let me know and I'll try to write properly about it.

Repository contents are content-addressed by SHA-256 at the encrypted file level, not at the backed up file level. That's good not to leak hashes of files, but I wonder how deduplication works.
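To make the content-addressing point concrete, here is an added sketch (not restic's code and not from the original post) of a store whose file names are the SHA-256 of the encrypted bytes. The `Repo` class and the `toy_encrypt`/`toy_decrypt` stand-in cipher are assumptions for illustration only; the cipher is not restic's encryption.

```python
import hashlib
import os

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (NOT restic's): random nonce + SHAKE-256 keystream XOR.
    It has no authentication tag and is for illustration only."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class Repo:
    """Hypothetical store: file name = SHA-256 of the *encrypted* file."""
    def __init__(self):
        self.files = {}

    def put(self, key: bytes, plaintext: bytes) -> str:
        blob = toy_encrypt(key, plaintext)
        name = hashlib.sha256(blob).hexdigest()  # hash of ciphertext, not plaintext
        self.files[name] = blob
        return name

    def verify(self, name: str) -> bool:
        """Storage integrity check that needs no key: re-hash the ciphertext."""
        return hashlib.sha256(self.files[name]).hexdigest() == name

    def get(self, key: bytes, name: str) -> bytes:
        if not self.verify(name):
            raise ValueError("stored file does not match its name")
        return toy_decrypt(key, self.files[name])

if __name__ == "__main__":
    repo, key = Repo(), os.urandom(32)
    data = b"constructed sample file contents"
    a, b = repo.put(key, data), repo.put(key, data)
    # Same plaintext, different names: the names reveal nothing about the
    # plaintext hash, and name equality cannot be what drives deduplication.
    print(a != b, hashlib.sha256(data).hexdigest() not in repo.files)
```

Storing the same plaintext twice yields two unrelated names, which is the property the paragraph praises and also why deduplication cannot rely on these names alone.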
