[Box Backup] Feature Request

Chris Wilson boxbackup@fluffy.co.uk
Fri, 20 Jun 2008 18:52:00 +0100 (BST)


Hi Bjarne,

On Wed, 21 May 2008, Bjarne Carlsen wrote:

> While the workaround to transfer data via a USB hard drive, which is
> described in the wiki, is nice, this workaround actually breaks the
> security of Box Backup in relation to clients.
> 
> Box Backup is a system where the server is not trusted and should never
> be concerned with the clients' keys.
> 
> I propose a switch in bbackupd to back up the client's files directly to
> a connected USB-device in encrypted form in order to perform the first
> transfer to the server. In this way, the server and its operators will
> never see client-data in unencrypted form, nor have access to the
> xxx-FileEncKeys.raw.
> 
> What say you, developers?

This switch is not as easy to implement as you think. It involves either
writing a lot of code in bbackupd, or merging a lot of code from bbstored.
It is on our todo list, but because of the amount of work involved and the
fact that there is a workaround, it currently has a low priority.

A simpler workaround that does preserve client security is to have the
client run a local bbstored, which saves files to local storage, and then
to send off a portable storage device containing the encrypted files to
the server operator and switch their configuration to back up to the
server instead. This way, their keys are never divulged to the server
operator or anyone else.

Cheers, Chris.
-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\ _/_/_/_//_/___/ | We are GNU : free your mind & your software |
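The handover step described in the reply above (a store written by a local bbstored, copied to a portable device for the server operator, with the client's keys staying at home) is worth checking mechanically before the device leaves the building. What follows is an added shell example written for this page; it is not Box Backup's own tooling or anything posted on the list. The store layout, the manifest format (POSIX `cksum`) and the file names it looks for are assumptions for illustration; the `*FileEncKeys.raw` pattern is taken from the message.

```shell
#!/bin/sh
# Added example, not part of Box Backup. Two defensive checks around the
# "ship the encrypted store on a portable device" workaround:
#   1. refuse to export a tree that still holds client key material or
#      client configuration (the whole point is that the server operator
#      never sees these);
#   2. produce a manifest of the exported files so the operator can verify
#      the copy arrived intact.
# Paths and file names used here are constructed for illustration.

# check_export_dir DIR
# Returns 0 if DIR holds no files matching client-side key/config patterns,
# otherwise prints the offending paths to stderr and returns 1.
check_export_dir() {
    dir="$1"
    offenders=$(find "$dir" -type f \( -name '*FileEncKeys.raw' \
        -o -name 'bbackupd.conf' -o -name '*.pem' \) 2>/dev/null)
    if [ -n "$offenders" ]; then
        printf 'refusing to export: key/config material present:\n%s\n' \
            "$offenders" >&2
        return 1
    fi
    return 0
}

# write_manifest DIR OUTFILE
# Writes "checksum size path" lines (POSIX cksum) for every regular file
# under DIR, sorted so the manifest is reproducible. OUTFILE must live
# outside DIR so the manifest does not describe itself.
write_manifest() {
    dir="$1"
    out="$2"
    (cd "$dir" && find . -type f | LC_ALL=C sort | xargs cksum) > "$out"
}

# verify_manifest DIR MANIFEST
# Re-checksums each listed file under DIR; returns 0 only if every entry
# matches (missing or altered files make it return 1).
verify_manifest() {
    dir="$1"
    manifest="$2"
    while read -r sum size name; do
        actual=$(cd "$dir" && cksum "$name" 2>/dev/null) || return 1
        [ "$actual" = "$sum $size $name" ] || return 1
    done < "$manifest"
    return 0
}
```

A typical sequence is `check_export_dir /path/to/local/store && write_manifest /path/to/local/store /path/to/manifest.txt`, then copying the store to the device and running `verify_manifest` against the copy. `cksum` is only an integrity check against copy errors; it is not a substitute for the end-to-end encryption that keeps the contents opaque to the operator.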