How long should I make the crypt password and salt?

What is the problem you are having with rclone?

Thanks for the software. I hope there is a special place in heaven for everyone developing this and helping out people here.

Not a problem, but I need some advice. I get that 64 bit is memorable and 128 is secure. But how secure? I am going to store personal data like dedical records and id cards and stuff that I would rather not anyone get to. But more than that, though, I require access to it in case my other backups fail. I get that I could save it in Keepass, but I would rather it be something that I can memorize.

I am going to store it in as many places as I can as "nice to have" backups. Therefore, some will be inevitably shady. Should I just use the 1024 bit password rclone generates in that case?

Additionally, how far should I go in terms of storing it to untrustworthy providers? Or does the provider not matter because no matter who, they can not just break the encryption in any reasonable time frame?

Thanks. Please let me know if I should have given any other information.

Run the command 'rclone version' and share the full output of the command.

  • os/version: Microsoft Windows 10 IoT Enterprise LTSC 2021 21H2 (64 bit)
  • os/kernel: 10.0.19044.2728 (x86_64)
  • os/type: windows
  • os/arch: amd64
  • go/version: go1.19.4
  • go/linking: static
  • go/tags: cmount

Are you on the latest version of rclone? You can validate by checking the version listed here: Yes

Which cloud storage system are you using? (eg Google Drive)

Google Drive, MEGA, OneDrive, Dropbox for now. i will use others in the future.

The command you were trying to run (eg rclone copy /tmp remote:tmp)

Paste command here

The rclone config contents with secrets removed.

Paste config here

A log from the command with the -vv flag

Paste  log here

If you generate a 128 bit random password then there isn't enough time in the universe to check all the possible 2^128 = 10^38 passwords

The emphasis there is on random.

So use more bits if you want but for all practical purposes 128 bits is enough. Alas even a 128 bit password is too long for most people to remember the random string, so if you are writing it down / storing it in a password safe then you might as well use a longer one.

You keep the key locally. The provider gets the encrypted data only which they won't be able to decode in any reasonable time frame. Don't upload the key anywhere unless it too is encrypted.

Hello, Mr. Nick. Thanks for everything.

I guess 1024-bit random it is then. I can store it in Keepass.

Would you say that there are still some places where I should not store the data, encryption or not? Thanks again.

If you've got a secure key then store the data wherever you like!

Thank you!

I am going to leave the summation of everything I have found out in case someone is looking for the same answer in the future and is as paranoid as I am.

As long as the key is randomly generated and is 128 or (preferably) 1024-bit, you can store your data absolutely anywhere, regardless of the trustworthiness of the storage provider.

Rclone does not allow you to change the password once the encryption is done. If you are giving the decryption key to someone, know that they have a permanent key to decrypt that crypt remote if they gain access through whatever means.

Rclone can also encrypt your config file, which acts as a key. Secure it in as many places as you can trust, as if you lose it, you lose your data.

Finally, rclone and its encryption algorithm is open source, and there are already two software programs that can decrypt the data, and anyone with the necessary skill can make one themselves easily. So no need to worry about being locked in, in case you can not access rclone for whatever reason.

Thanks for everything again, Mr. Nick.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.