Commands‎ > ‎

Init

Initializes a backup area:

$ hb init -c backupdir [-k key] [-p ask/env]

The init command creates and initializes the backup directory.  If the directory already exists, it must be empty or init will complain.  This avoids overwriting a directory by mistake.

During initialization, an inex.conf file will be created, listing files that should be excluded from the backup.  You may want to review and modify this before your first backup.

The -k option specifies your own encryption key.  Normally a random key is generated by init, and -k is not recommended.  But in some environments you may want a common key for several backups, a key that's easier to remember, or may want a blank key.  These are all less secure than a random key, but it may be less likely that the key is lost.  A key with special characters will require quotes, for example: -k 'my special key'.  Spaces are always ignored in keys, so the key abcdef is equivalent to abc def.  To set a blank key, use -k '' (two single quotes).  The key can be changed later with the rekey command.

The -p option adds a passphrase to your key.  -p ask means to get the passphrase from the keyboard.  Every hb command will ask for the passphrase.  -p env means to read the passphrase from a shell or environment variable named HBPASS.

It is recommended to use a local directory with -c.  If you are tight on disk space, use the cache-size-limit  config option to conserve space in the backup directory.

IMPORTANT: if you do back up directly to remote storage (the -c backup directory is on remote storage), the encryption key is also stored here.  If you don't own & control the remote storage, for example, you are backing up directly to Google Drive with -c, it is important to use a passphrase to protect your backup.


Choosing a passphrase

All of HashBackup's security comes from your key.  This is why hb init creates a random key by default: it is next to impossible for someone to guess a long random key.  Here are some suggestions for creating a strong passphrase to further protect your key:
  1. Make up a sentence that you will remember and use this as your passphrase.  A sentence is easier to type than a password like Wjd0$p2^! and is stronger because it is longer.  Length wins over weird, hard to type, hard to remember passwords.  Example: the fat green martian landed his shiny silver spacecraft
  2. Make up a sentence that you will remember and use the first letter of each word as your passphrase.  For the first sentence in this paragraph, that would be: muastywrautfloewayp
  3. Adding special symbols (other than spaces) will increase the passphrase strength.  One easy way to do this is to use special symbols before, after, and/or between words, for example: .,.this.,.is.,.a.,.decent.,.passphrase.,.!  But make up your own special symbol rule.  Even adding just one special symbol, especially in the middle, will increase your passphrase strength.
  4. Adding a number, especially in the middle, will increase your passphrase strength
  5. Use a password manager program.  These store lists of passwords and passphrases in an encrypted file, protected by a master passphrase.  They often have password generators built in and you can cut and paste a passphrase when needed.
  6. To learn more about the importance and methods of choosing a good passphrase, do a search for: strong password / passphrase, password / passphrase strength, or password / passphrase entropy
Comments