Duplicacy.json - key iterations

brenku · 29 November 2021 20:15

Hello again!

Small question…

I have read through this: Init command details
Specifically I would like to ask about the key iterations value.

The -iterations option specifies how many iterations are used to generate the key that encrypts the config file from the storage password.

If I had started a backup, and then later adjusted this value “key_iterations” in the duplicacy.json, what is the consequence of this? Nothing if it’s just for the config file??

Thank you. I just want to ensure my data is safe. I increased the key iterations value because I thought it would increase security.

saspus · 29 November 2021 20:24

The key generation and derivation occurs when the storage is created.

You can change the password – see Password command details, and specify -iterations there to re-encrypt the config file with more iterations if desired.

Note, this won’t change chunk encryption secrets and does not re-encrypt entire datastore, but will change how those keys are protected in the config file. ~~Also, save the number of iterations used, otherwise you won’t be able to connect to that storage~~.

brenku · 29 November 2021 20:43

This is good information, thank you.

I will try re-encryption of the file with more iterations.
I will also remember (record) the iterations, so I can get the right

I bought a lifetime license recently, and I’m in this for the long run.
There is so much to learn!
I kind of wish there was more of an official presence for the Duplicacy documentation. This forum jumping around is informative, but not super straightforward.

Not to compare you, but I like how restic is using https://readthedocs.org/ for their documentation. I think Duplicacy could use this.

saspus · 29 November 2021 21:09

To be clear, I’m just a user, like you. I’m not part of Acrosync staff in any way.

I think this is the official documentation, just published in the form of a forum post:

gchen · 30 November 2021 04:12

There is no need to remember this number, because it is embedded in the header of the config file in plaintext, and that is how Duplicacy knows how many iterations to use when decrypting this file.

Droolio · 30 November 2021 04:28

Agreed! Has been suggested before, and added to the roadmap.

(Should be noted, though: Read the Docs is a hosting platform, which uses Sphinx or MkDocs under the hood, so gchen can easily self-host or put up on Github Pages if desired. Example.)