Why is there a Master Password?

Serious question that I don’t understand–I’m not trying to sound like a smart-ass, though I realize my question kind of comes-off that way, sorry:

  • The Master Password is not the encryption password for the backup.
  • The Master Password obfuscates the encryption password locally.
  • The need of the Master Password prevents the program from starting automatically (which you never want in a backup program).
  • If my attacker is sitting in front of my computer, he doesn’t care about my backup encryption password, because he’s already sitting in front of my computer.
    So…Why is there a Master Password? It seems to just get in the way.

The master password reduces the problem of storing many storage passwords/credentials to the problem of storing one master password.

You don’t want to store those storage passwords/credentials in plaintext, so you want to use KeyChain on macOS, CryptoAPI on Windows, and Keyring on Linux. However, these things may not be available (for headless linux) or not reliable sometimes, and if that happens you’ll just need to enter the master password on the web page or set up the DWE_PASSWORD environment variable before running the web GUI.

2 Likes

How is so? It’s actually what you absolutely always do want in a backup program – backup should be automatic and unattended.

Or did you mean something else?

1 Like

I think he’s saying that you never want something to prevent your backup program from starting automatically. So I think you’re both in agreement.

1 Like

Ah, you maybe right. I misread — the problem is not that it starts automatically but that it is prevented from starting automatically.

1 Like