Will no backup or no password be ever implemented?

There are several threads on GitHub regarding encryption or empty passwords. They are all locked without a definite answer.

My question: is there today a plan to implement either a backup without encryption or with an empty password?

I find that restic is great, but I need to have an unencrypted or empty-password backup. For reasons.
What I am trying to say is not whether encryption is good or bad, just if I can not have it or have an empty password (now, or someday).

Always requiring a password and encryption for the repository is sort of a feature. So it’s not too likely that this will change. For short to mid term the answer is definitely no.

4 Likes

I agree.

Encryption will be increasingly important in backups due to privacy. Requiring it is a good feature.

I personally ended up with restic, because people suggested that it’s great in encryption and developers have appreciation for software security.

1 Like

For encryption-less backup, you may want to look at rsync.

If you don’t care to encrypt things, you actually have a lot of options for backup. Down to really simple copy solutions to something sophisticated like rsync.

I am curious, what is the downside of encrypting for your workflow? Do you feel like you may lose the password?

Rsync just moved files . More flexible version of move. It’s not a backup software, with compression, deduplication, encryption, backends, with repository operations.

1 Like

Thank you, this is clear.

Requiring (as opposed as having it as a default, but allowing to disable it) it means that the people who do not need/want it will not use the software, that’s all. You may be of the opinion that this is dumb but it is their informed choice and will not affect anybody else than them.

With this approach, http://neverssl.com should be banned and people actively pushed away from it because it poses security risks. Maybe Chrome should also block it for good measure.

FWTW I work in information security and wrote some security software you may even have used if you are in the field. And yet, I need these unencrypted backups.

This is just to say that @MichaelEischer answer was really to the point: it is a design decision that will not change, I respect it and won’t unfortunately use restic then.

I can recommend rsnapshot.it builds snapshots with rsync while hardlinking unchanged files. So ot has also some kind of deduplication.

Password 123456. Problem solved. For additional insurance, put the password in the repository. It’s just a file with almost zero overhead work.

2 Likes

I believe a significant reason behind the current ethos is that encryption is baked into restic at every turn; it’s not one of those programs that has data safety added in as a useful extra: it’s a cornerstone of restic. To add a feature that allows for unencrypted repos means that code has to be added to bypass encryption, which makes everyone’s data less safe.

There is no rational reason to compromise the security of people’s backups to add support for insecure workflows; if your use case can’t cope with including a password or password file then it’s a fundamentally broken process and it is this that needs fixing.

1 Like

@Wpq I know you don’t want to hear reasons for or against, but I’m curious; what is your use case for not having a password in the repository?

2 Likes

It is purely experience based, there is no quantifiable reason.

I work in IT and information security for 30 years. I saw a lot of cases where the software that was doing X could not deliver (because data corrupted, bug, whatever). In a few cases, we managed, miraculously, to recover by using the data format to extract at least some data. We wrote a few articles about that in the past so that others can learn on our misery (it was either a failed encryption header, of logical drive went wrong).

I do not want to close this possibility for a backup. I know that there can be endless explanations how encryption will not hinder this, or that recovery outside of restic is not possible anyway but if I do not need the encryption (because I don’t), why taking the extra risk.

I like restic and I will probably end up having ‘password’ as the password, and a file in the repository that says README - the password is here.txt. And hope for the best to recover files.

By “hope for the best” I mean “automate recovery testing” :slight_smile:

I am glad to know that you have addressed all possible situations/processes in the world and can authoritatively claim that. Good for you.

Yes, this is my current plan too.

Okay, so if I may try to summarize, the reason you want to have no encryption and preferably no password is to remove complexity and reduce the risk that the software has bugs that might render the backups unrestorable.

I think its worth to know that in the processes that delete or rewrite something, there is always the implicit assumption that even if the same content is written, it will result in a different repository file. For instance there is no guarantee that a pack rewrite won’t pack exactly the same blobs in a new pack. Then this new pack is written and afterwards the old pack is deleted - without a check if the names are identical.
The encryption (using a random nonce) ensures here that that check is not needed as a different nonce will result in a different pack file.

Moreover keep in mind that the encryption not only encrypts but also MACs the data, so you also get an (additional) data corruption check by this.

About your motivation to disable encryption to be able to retrieve information even if arbitrary things break: I understand how you are thinking. Note that even if you know the password, you (and restic) also needs to derive the master key which is actually used for the encryption. This key is derived by any key file and the corresponding password for that key file. That is, if you loose or corrupt your key file, it doesn’t help you to know the password. So, some people suggest to generate multiple keys - this is even possible using the identical password. Alternatively you might think of doing extra backups of your key file.

Yes, and I forgot that one can forget the password :slight_smile:

You might want to create backup copies of the config file and the keys folder. The config file is somewhat recoverable, but a damaged key is not.

1 Like

That’s a joke, right? :wink:

3 Likes

It’s an additional joke!

1 Like