Backup encryption key

Shachar Shemesh shachar at shemesh.biz
Fri Apr 24 09:34:40 IDT 2009


Before I begin, I should point out that I never brought my company's 
service up in this thread. Yes, rsyncrypto is my project, and it is a 
major part of the service Lingnu is offering, but it is open source, 
comes built in as part of Debian and Ubuntu, and you can use it without 
paying me or Lingnu a dime.

Diego Iastrubni wrote:
> As someone who tried to convince his boss to use Shachar's product, I can tell 
> you that there are companies (in Israel!) who sell a competing product, which 
> is closed source, but:
>
>  * works with a nice Java Based web interface,
>  * it has a CLI version (works on 64 bit as well)
>  * it's incremental backup
>  * their service sends you email when you finish the backup
>  * the email tells you what amount of data (in MB) has been sent
>  * if you miss a backup a few days, you get a call from them "is everything 
> ok"? - don't trust automated setups!
>  * they store up to a week of information as history
>  * the traffic is encrypted using blowfish
>  * if your initial backup is "huge" they can send someone to your office which 
> comes with a USB disk and copies it manually the first time.
>   
More than half the points you raise are related to the service, rather 
than the technology. Yes, you can get most of them from Lingnu as well, 
but the discussion here was centered around technology for doing remote 
backups (as I pointed out, I never even brought up the fact that my 
company offers such a service). In particular, the point one before last 
should be used as a huge warning sign as far as the technology is involved.
> Besides it being closed source, written in java and (*) it's a damn good 
> service. I can recommend off list if you want. Still, if I had the choice, I 
> would use Shachar's service, not only because of (*). I prefer my money to 
> go to someone from the community. 
>
>   
This is a huge point, though. The traffic transferring the data to the 
remote server is encrypted, but the data on the remote server is not. A 
rogue employee or a security breach may compromise your data.

Of course, once the data is not encrypted, manipulating it is a piece of 
cake. You can perform quite sophisticated server side processing on it.

Shachar

P.S.
Blowfish? In this day and age?

-- 
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
