Backup gocryptfs.conf?

[kovica]

I'm sorry for creating an issue, but I didn't find the info anywhere else.
Is it save, recommended to store gocryptfs.conf in a backup?

[petres]

Maybe you can find some info there: #50

[rfjakob]

Good link, yes!

If you take a backup of your encrypted directory, I would recommend including gocryptfs.conf. This makes the backup self-contained and so much easier to restore.

[kovica]

Thanks guys. The link was helpful. Since I use long password (more that 15 chars) I asume it is save to store it in backup. I think I will save the file in my local backup, but exclude it from an off-site backup. I will print out the master key as said when you mount the encrypted drive.

[iomartin]

@rfjakob, can you please elaborate on the security implications of uploading gocryptfs.conf to the cloud? On #50 it is said that it is more secure not to upload it, but here it is implied that the tradeoff convenience/security makes sharing not so much of a problem. I just want to understand how much security I am giving up by uploading it.

[rfjakob]

When you upload gocryptfs.conf to the cloud, the cloud provider could try to crack the password. This is not an issue if the password is strong ( see #50 (comment) for guidance ).

Without gocryptfs.conf, there is no way to crack the password, so the password can be somewhat weaker.