Am 04.05.22 um 16:46 schrieb Exuvo:
Ah yes my RANDFILE was probably already created long ago when i
initially set up encryption.
From what i have read the random file is not really on most systems as
it is only there to help with low entropy systems (ie server that does
nothing most of the time).
Each time openssl runs it uses that file (if specified) for random seeds
and at command end it replaces the file with 256 new bytes of randomness
for the next invocation.
It is not needed for decryption.
From the man page the digest is only used to create the real encryption
key from the text key you supply. It should not affect speed at all.
The default digest is sha-256, sha-512 just has more bits. The only
thing you would gain is more protection against brute force attacks i
think.
Thanks, great.
As mentioned on Github, I still see issues with your crypt-script when
combined with amsamba: that leads to dumps with "missing size line from
sendbackup". Would be great to get that fixed as well.
I will try to streamline and cleanup my config and report the actual
dumptype definition.