[Box Backup] Unencrypted storage?
Sun, 5 Dec 2004 13:38:25 +0000
On 4 Dec 2004, at 18:50, Joris wrote:
> Garry Glendown wrote:
>> Joris wrote:
>>> But I can picture a situation where it may mean having to encrypt a
>>> couple of terrabyte to begin with, and then requiring a backup
>>> server that's 10 times more powerfull just to be able to handle the
>>> encryption. All this while the old backup solution's (physical?)
>>> enviroment provided the neccesairry data confidentiality.
>> Maybe I have misunderstood something here, but Box Backup does NOT
>> encrypt on the server, but on the client, therefore the server should
>> have less load than with a centralized encryption ... also, you don't
>> have to trust the server's (or server operator's) confidentiality,
>> which may be an issue! (just was at a customer yesterday, where they
>> put a directory on the Linux box w/ SMB share just for two people,
>> because they need a local admin that can take care of the Windows box
>> - but they couldn't keep files from him ... problem was, if he has
>> access to the local backup of the Linux box, he might be able to
>> restore the files to a directory he might have access to on user
>> level ...)
> The place where the encryption happens does not change the fact that
> it requires extra cpupower, but I indeed somehow got the wrong model
> in mind while writing the above.
For the archives: Encryption takes place on the client.
(Encrypting on the server would be a very silly thing to do, as it mean
you have to trust the server. Box Backup requires a server trusted only
to keep the data safe and obey the protocol.)
> I think my arguments for a encryptionless option are still valid.
If you don't want encryption, then there are other good open source
projects to consider. Encryption will never be an option in Box Backup:
1) The overhead of symmetric encryption is not great. AES encrypts at
many Mb per second on modern hardware.
2) I don't want to introduce a second code path in such a critical
area. Testing would be difficult.
3) I don't want users to be able to turn off encryption, just in case
they do it by mistake.
On the other hand, I can see that you might not want to bother
encrypting the link between the server. I have added an entry to my
feature request list to turn off SSL after the initial authentication,
for use on local networks.