Backup multiple PC's to same repository, security

cheitzig · 14 January 2019 01:49

Hi,

I’ve read some related posts, but don’t think this has been asked as such. For my family members, I’d like to have them all backup using duplicacy GUI (licences bought), and all backup to a single Google Drive account where I have unlimited storage. I’d like to prevent the case though, where one user’s poor Windows / Mac password choice exposes everyone’s data (i.e., my understanding is that the Windows / Mac main password encrypts the storage encryption key).

So my thought is to use one Google Drive storage directory and different encryption keys. Is there any advantage to that vs. just creating a different Google Drive storage directory and using a different encryption key?

I’m also, of course, open to other ideas on why I should or shouldn’t create separate directories and/or use separate encryption keys. I know I’ll be giving up duplicate-free backup by using separate encryption keys (i.e., same file in repository will look like two files in the storage, so will be stored twice).

TheBestPessimist · 26 January 2019 10:08

I want to make a note at the beginning that most of what i’m saying here is just what i think, and not facts. @gchen is the real knowledge base :^) !

I think that is incorrect: the storage password is the one you use (read: type) when you init for the first time that particular storage. Afterwards, even though you init multiple repositories to the same target storage, you must always use the same storage password for all those repos. (you may change a storage password with the password command but afterwards you must use this new password for all your storages – just like in the normal usage).

This is not currently possible but there is a related discussion here: Privacy for multiple users backing up to shared repo · Issue #416 · gilbertchen/duplicacy · GitHub.

There will be no deduplication for multiple repositories -> multiple storages. You may only have deduplication if you use a single storage. (imo that’s the only drawback)

I think the last paragraph no longer applies due to my above answers.

cheitzig · 26 January 2019 16:36

Thanks, Cristian! I’ll take a look at the other thread. Occurs to me that I can just use multiple folders at Google Drive then, and that’ll accomplish the security/privacy point

gchen · 27 January 2019 04:29

@TheBestPessimist is right. Currently all folders backed up to the same directory in the storage must share the same storage encryption password. If you want to use different encryption passwords then they should go to different directories in which case you lose the benefit of cross-computer deduplication.

I think per-client encryption passwords are possible and it is on my to-do list.

cheitzig · 27 January 2019 14:20

Thankss @gchen. My $0.02 is that cross-computer de-duplication combined with multiple encryption keys is a lower priority since an easy solution is multiple directories. Thanks for replying!

TheBestPessimist · 27 January 2019 14:58

For anyone: Feel free to use the button on the posts that you found useful.

For the OP of any support topic: you can mark the post that solved your issue by ticking the box under the post. That of course may include your own post