[Box Backup] Cryptographic checking
Ben Summers
boxbackup@fluffy.co.uk
Tue, 14 Sep 2004 11:24:13 +0100
I make certain claims for Box Backup with regard to it's use of
cryptography. However, I am not an expert (as in, I do not do crypto
every day for a living) and it has been historically shown that systems
designed by non-professionals can have problems.
That's not to say that there's dodgy crypto in Box Backup, quite the
contrary. I have read a large number of books, and spoken to the
professionals about things (and even recently designed a crypto system
which has been checked and passed as fine by the professionals), so I
do not think that confidence in the system is misplaced.
But this is not good enough. Now that it is getting popular, I really
think the crypto needs to be checked out by one of these professionals
with a view to getting a statement from them for the web site.
Fortunately, I know just the people to do this, but it's not
particularly cheap to get this done. I would estimate between 1000 and
2000 UK pounds based on my previous experience of using them to check
out things. I really can't afford this on my own.
Is it worth me getting a quote from them and asking the user community
for donations to get this funded?
Thanks for any thoughts.
Ben