@ITsecJ When you initialize a backup, a key is generated and put at ./key.conf. It's then up to you to keep it some place other than the computer to be backed up.
It can be protected with a passphrase, and the database can be rekeyed to a new key, potentially one you provide. Archive blobs are always encrypted, with the key in the database.
@ITsecJ I'm rocking hashbackup, which has loads of options for handling its key.conf
@entreprelife Acknowledgement that someone's read this. There isn't much I can offer other than assurances that shock is an entirely normal part of the grieving process. You aren't unusual in this way.
Is Pixelfed support planned?
@jerry muh best practices
@ITsecJ The real gotcha is the inverse: The key material for the backup being *only* stored on the machine in question.
And then it's gone.
@ITsecJ Backups should always be encrypted at rest. Key material being present in them is bad practice, but if the backups are encrypted at rest, it's "kinda" not a problem. If your backups aren't encrypted, you have bigger problems.
@maxeddy man I miss making people that mad. kudos.
@httpeter User education. As children, we learn not to touch the stove by burning ourselves.
It's not acceptable for some random in accounting to learn their lesson on phishing in this manner.
Twitch Plays Your Workstation
@slh And I'll bet at least five people were accused of violating bail before they figured out what happened
Hacker, comedian, RED Scout fan, gold Ekko one-trick. Watching them sorting debris.
A Mastodon instance for info/cyber security-minded people.