Fossil SCM
Reordered a few paragraphs in backup.md to place more important info earlier in the doc.
Commit
8a0ea9b6c0ce04ee6fddb77bcd398378bf382d6d52183b907c4d05e7de3f31f2
Parent
8a539f14da59a47…
1 file changed
+12
-14
+12
-14
| --- www/backup.md | ||
| +++ www/backup.md | ||
| @@ -176,24 +176,10 @@ | ||
| 176 | 176 | |
| 177 | 177 | If you’re adding this to the first script above, remove the |
| 178 | 178 | “`-R repo-name`” bit so you get a dump of the repository backing the |
| 179 | 179 | current working directory. |
| 180 | 180 | |
| 181 | -This requires OpenSSL 1.1 or higher. If you’re on 1.0 or older, you | |
| 182 | -won’t have the `-pbkdf2` and `-iter` options, and you may have to choose | |
| 183 | -a different cipher algorithm; both changes are likely to weaken the | |
| 184 | -encryption significantly, so you should install a newer version rather | |
| 185 | -than work around the lack of these features. | |
| 186 | - | |
| 187 | -If you’re on macOS, which | |
| 188 | -still ships 1.0 as of the time of this writing, [Homebrew][hb] offers | |
| 189 | -the current version of OpenSSL, but to avoid a conflict with the platform | |
| 190 | -version it’s [unlinked][hbul] by default, so you have to give an explicit | |
| 191 | -path to its “cellar” directory: | |
| 192 | - | |
| 193 | - /usr/local/Cellar/openssl\@1.1/1.1.1g/bin/openssl ... | |
| 194 | - | |
| 195 | 181 | Change the `pass` value to some other long random string, and change the |
| 196 | 182 | `iter` value to something between 10000 and 100000. A good source for |
| 197 | 183 | the first is [here][grcp], and for the second, [here][rint]. |
| 198 | 184 | |
| 199 | 185 | Compressing the data before encrypting it removes redundancies that can |
| @@ -202,10 +188,22 @@ | ||
| 202 | 188 | during the backup. You may wish to switch to a less space-efficient |
| 203 | 189 | compression algorithm that takes less CPU power, such as [`lz4`][lz4]. |
| 204 | 190 | Changing up the compression algorithm also provides some |
| 205 | 191 | security-thru-obscurity, which is useless on its own, but it *is* a |
| 206 | 192 | useful adjunct to strong encryption. |
| 193 | + | |
| 194 | +This requires OpenSSL 1.1 or higher. If you’re on 1.0 or older, you | |
| 195 | +won’t have the `-pbkdf2` and `-iter` options, and you may have to choose | |
| 196 | +a different cipher algorithm; both changes are likely to weaken the | |
| 197 | +encryption significantly, so you should install a newer version rather | |
| 198 | +than work around the lack of these features. If you’re on macOS, which | |
| 199 | +still ships 1.0 as of the time of this writing, [Homebrew][hb] offers | |
| 200 | +the current version of OpenSSL, but to avoid a conflict with the platform | |
| 201 | +version, it’s [unlinked][hbul] by default, so you have to give an explicit | |
| 202 | +path to its “cellar” directory: | |
| 203 | + | |
| 204 | + /usr/local/Cellar/openssl\@1.1/1.1.1g/bin/openssl ... | |
| 207 | 205 | |
| 208 | 206 | |
| 209 | 207 | ## <a id="rest"></a> Restoring From An Encrypted Backup |
| 210 | 208 | |
| 211 | 209 | The “restore” script for the above fragment is basically an inverse of |
| 212 | 210 |
| --- www/backup.md | |
| +++ www/backup.md | |
| @@ -176,24 +176,10 @@ | |
| 176 | |
| 177 | If you’re adding this to the first script above, remove the |
| 178 | “`-R repo-name`” bit so you get a dump of the repository backing the |
| 179 | current working directory. |
| 180 | |
| 181 | This requires OpenSSL 1.1 or higher. If you’re on 1.0 or older, you |
| 182 | won’t have the `-pbkdf2` and `-iter` options, and you may have to choose |
| 183 | a different cipher algorithm; both changes are likely to weaken the |
| 184 | encryption significantly, so you should install a newer version rather |
| 185 | than work around the lack of these features. |
| 186 | |
| 187 | If you’re on macOS, which |
| 188 | still ships 1.0 as of the time of this writing, [Homebrew][hb] offers |
| 189 | the current version of OpenSSL, but to avoid a conflict with the platform |
| 190 | version it’s [unlinked][hbul] by default, so you have to give an explicit |
| 191 | path to its “cellar” directory: |
| 192 | |
| 193 | /usr/local/Cellar/openssl\@1.1/1.1.1g/bin/openssl ... |
| 194 | |
| 195 | Change the `pass` value to some other long random string, and change the |
| 196 | `iter` value to something between 10000 and 100000. A good source for |
| 197 | the first is [here][grcp], and for the second, [here][rint]. |
| 198 | |
| 199 | Compressing the data before encrypting it removes redundancies that can |
| @@ -202,10 +188,22 @@ | |
| 202 | during the backup. You may wish to switch to a less space-efficient |
| 203 | compression algorithm that takes less CPU power, such as [`lz4`][lz4]. |
| 204 | Changing up the compression algorithm also provides some |
| 205 | security-thru-obscurity, which is useless on its own, but it *is* a |
| 206 | useful adjunct to strong encryption. |
| 207 | |
| 208 | |
| 209 | ## <a id="rest"></a> Restoring From An Encrypted Backup |
| 210 | |
| 211 | The “restore” script for the above fragment is basically an inverse of |
| 212 |
| --- www/backup.md | |
| +++ www/backup.md | |
| @@ -176,24 +176,10 @@ | |
| 176 | |
| 177 | If you’re adding this to the first script above, remove the |
| 178 | “`-R repo-name`” bit so you get a dump of the repository backing the |
| 179 | current working directory. |
| 180 | |
| 181 | Change the `pass` value to some other long random string, and change the |
| 182 | `iter` value to something between 10000 and 100000. A good source for |
| 183 | the first is [here][grcp], and for the second, [here][rint]. |
| 184 | |
| 185 | Compressing the data before encrypting it removes redundancies that can |
| @@ -202,10 +188,22 @@ | |
| 188 | during the backup. You may wish to switch to a less space-efficient |
| 189 | compression algorithm that takes less CPU power, such as [`lz4`][lz4]. |
| 190 | Changing up the compression algorithm also provides some |
| 191 | security-thru-obscurity, which is useless on its own, but it *is* a |
| 192 | useful adjunct to strong encryption. |
| 193 | |
| 194 | This requires OpenSSL 1.1 or higher. If you’re on 1.0 or older, you |
| 195 | won’t have the `-pbkdf2` and `-iter` options, and you may have to choose |
| 196 | a different cipher algorithm; both changes are likely to weaken the |
| 197 | encryption significantly, so you should install a newer version rather |
| 198 | than work around the lack of these features. If you’re on macOS, which |
| 199 | still ships 1.0 as of the time of this writing, [Homebrew][hb] offers |
| 200 | the current version of OpenSSL, but to avoid a conflict with the platform |
| 201 | version, it’s [unlinked][hbul] by default, so you have to give an explicit |
| 202 | path to its “cellar” directory: |
| 203 | |
| 204 | /usr/local/Cellar/openssl\@1.1/1.1.1g/bin/openssl ... |
| 205 | |
| 206 | |
| 207 | ## <a id="rest"></a> Restoring From An Encrypted Backup |
| 208 | |
| 209 | The “restore” script for the above fragment is basically an inverse of |
| 210 |