Backup-Encryption - safe to use?

[dusty128]

Dear Proxmox Forum,
I am considering using the Proxmox backup encryption. If I understand it right, I create a new datastore in the client and create (autogenerate) an encryption key which is then used to encrypt the backups on the client side. On Proxmox PBS everything is then encrypted with this key.

From my point of view encryption adds security but can also be a risk for data loss (in case the key is lost, there is a software bug, upgrades change the encryption etc.).

So I wonder what your opinion on this topic is: Is the encryption safe to use and would you recommend it?

Best Regards,
Hermann

 

[UdoB]

So I wonder what your opinion on this topic is: Is the encryption safe to use

Yes.
I am not a cryptographer, but I would not expect any "normal" attacker to crack that encryption. Maybe the NSA could do that, but that is not in my threat scenario.

and would you recommend it?

Sure.
Encryption is always recommended. This does not mean I have it enabled everywhere, I have to admit. Recovery may be difficult. In case of PBS you can just copy the key into your password manager (that's what I do) or print it on a small piece of paper and put it into a safe.

And: in the Homelab this is completely up to you. In a company you probably have some policy which requires to secure data as good as possible and document this.