RFC: end-to-end compare -aq (Was: Re: [Box Backup] Win32 native client service bbackupd.conf)

Chris Wilson boxbackup@fluffy.co.uk
Fri, 7 Jul 2006 18:32:02 +0100 (BST)


Hi Gary,

On Thu, 6 Jul 2006, Gary wrote:

> The alternative of the client sending up to the server the ciphertext 
> along with strong checksums for the ciphertext, to be stored and 
> compared by the server later on, would also allow for an end-to-end 
> bbstoredcheckaccount (without requiring client cooperation).

Why even do that? The server can compute the checksum of the ciphertext by 
itself. It could write the checksum to disk alongside the encrypted data, 
and "bbstoreaccounts check" could verify that the encrypted block still 
hashes to the same checksum, and thus the encrypted data was not damaged 
on the server (however unlikely that might be).

That proposal is pretty orthogonal to the fast client verify proposal, and 
it would seem to make sense to implement both.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
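
The server-side scheme described in the message above, as an added sketch that is not part of the original email and not Box Backup code: the store hashes the ciphertext on upload, keeps the checksum beside it, and a later check re-hashes each block without any client keys. The `.sha256` sidecar naming, the function names and the sample blocks are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

SUFFIX = ".sha256"  # assumed sidecar naming, not Box Backup's on-disk format

def _digest(path):
    """SHA-256 of a file, read in chunks so large blocks stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def store_block(store_dir, name, ciphertext):
    """At upload: write the opaque ciphertext, then its checksum beside it."""
    path = os.path.join(store_dir, name)
    with open(path, "wb") as f:
        f.write(ciphertext)
    with open(path + SUFFIX, "w") as f:
        f.write(hashlib.sha256(ciphertext).hexdigest())
    return path

def check_store(store_dir):
    """Later: re-hash every block and compare. No client keys are needed."""
    report = {}
    for entry in sorted(os.listdir(store_dir)):
        if entry.endswith(SUFFIX):
            continue
        path = os.path.join(store_dir, entry)
        try:
            with open(path + SUFFIX) as f:
                expected = f.read().strip()
        except FileNotFoundError:
            report[entry] = "no-checksum"  # cannot vouch for this block
            continue
        report[entry] = "ok" if _digest(path) == expected else "damaged"
    return report

def demo():
    """Constructed data: three stand-in ciphertext blocks, two then disturbed."""
    with tempfile.TemporaryDirectory() as d:
        paths = [store_block(d, n, b"\xaa" * 4096) for n in ("o01", "o02", "o03")]
        with open(paths[1], "r+b") as f:  # simulate on-disk damage to o02
            f.seek(100)
            f.write(b"\x55")
        os.remove(paths[2] + SUFFIX)  # simulate a lost checksum for o03
        return check_store(d)
```

An unkeyed hash stored next to the data catches accidental damage on the server, which is the case the message describes; it does not detect a party able to rewrite both the block and its checksum.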