[Cryptography] how to encrypt for the very long term?

Alfie John alfie at alfie.wtf
Sat Jul 28 08:04:08 EDT 2018

On Fri, Jul 27, 2018 at 02:06:49PM +0200, Christoph Anton Mitterer wrote:
> I'm basically looking into encryption of (backup) files for the very
> long term (like at least 20 years).
> The basic scenario is as follows: arbitrary files in the 20-30 TiB
> range are backuped with dar (which splits into much smaller slices) and
> put on tape.
> Ideally, the whole thing should be resilient against data corruption,
> e.g. if some bytes of the tape are lost, the remainder of the encrypted
> file can still be decrypted (dar tries to recover from such broken
> archives),... however this shouldn't go at the cost of security.

You might want to checkout PAR2 which uses Reed-Solomon behind the scenes:


> A (number of) passphrase(s) shall be used for encryption (i.e. not a
> pubkey scheme) of the symmetric encryption key... simply because
> otherwise I'd rely on the private key and would need some other
> sophisticated means to backup that as well.

To be honest, when encrypting something for 20 years, your biggest problem will
be remembering all the various passphrases. That wasn't snark, just the honest
truth sadly from experience.


Alfie John

More information about the cryptography mailing list