
Sorry for the naive question.

I wonder how DigitalOcean Spaces (S3 compatible) fits personal backups.

I found a lot of information about the security of Amazon S3, and its security is undoubted; however, I found nothing about DigitalOcean.

On DigitalOcean Spaces, there are only three options: File Listing, CDN, and CORS; all are disabled for me.

I think I can separate all my backups into two groups: sensitive backups (stored encrypted on Spaces) and photos (stored as is).

For encryption I am thinking about using duplicity, but with a symmetric key (I do not want to mess with keys).

What do you think about this strategy? Is it safe enough?

com
  • Regardless of which tool you use for backing up, and which cloud storage service you use - you should do an encrypted backup, so that the cloud storage provider only sees your encrypted files and not your plaintext files. This will mean you will have to 'mess with' keys, but it's not hard, and the benefit is worth it. See https://security.stackexchange.com/questions/238786/cant-amazon-see-my-files-if-i-use-s3cmd-gpg-with-a-complex-password for how you can do this using s3cmd. – mti2935 Mar 10 '21 at 18:56
  • @mti2935 you mean duplicity with symmetric key is not secure enough? Can you confirm this point? – com Mar 10 '21 at 19:02
  • Duplicity with symmetric encryption is also fine. You still have to mess with keys (symmetric keys). – mti2935 Mar 10 '21 at 20:50
  • @mti2935 You mean password? – com Mar 11 '21 at 06:59
  • If you're using a password, then this means that the symmetric key is derived from the password. Make sure that the key derivation function is strong (i.e. make sure that it's not like this: https://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase/29139#29139), and make sure that you choose a long and very strong password. – mti2935 Mar 11 '21 at 12:46
  • @mti2935 Thank you very much for the clarification. I don't think I can change the key derivation function in `duplicity` – com Mar 12 '21 at 07:49
