Daemonic Dispatches

More about encrypted backup

Richard Bejtlich linked to my last post here and several people have emailed me to suggest existing services or utilities which I might want to use. I have considered all of these; for a variety of reasons none of them satisfy my needs.

The first suggestion I received (from several different people) was Mozy Remote Backup. There are a few reasons I don't want to use this:

• Mozy doesn't support FreeBSD.
• It's not clear how efficient Mozy is at handling modifications in files. Mozy's overview talks about "Block-level differential backup", and their FAQ mentions that Mozy "Backs up only blocks that have changed"; but their Affiliate Program page mentions byte-level incremental backups, which are far better. The fact that Mozy's website isn't even self-consistent about such an important detail doesn't exactly inspire confidence either.
• Mozy advertises their "448-bit symmetric encryption"; this brings to mind Bruce Schneier's Snake Oil Warning Sign #5: Ridiculous key lengths (you'll have to scroll down a bit to find it), and an insightful observation I encountered a while back (I can't remember who made this observation, sadly): "Beyond 256 bits, the security of a system using symmetric encryption tends to be inversely proportional to the length of the key advertised".
  Indeed, there are a couple of points which give me direct cause to be skeptical about Mozy's security. First, they use Schneier's Blowfish cipher instead of his more recent Twofish cipher; while Blowfish was a remarkably solid block cipher for its time, there is no justification for using it now instead of Twofish or AES (Rijndael). Second, and far more disturbingly, Mozy recommends that you encrypt your data not with a key which you alone hold, but instead with a default Mozy key -- which essentially means that your data would not be encrypted at all. After such a monumental blunder, the fact that Mozy offers the option of encrypting data with my own key isn't going to make me trust them to get anything right as far as security is concerned.
• Finally, I don't like Mozy's tiered pricing. Computers are very good at keeping track of how much disk space / bandwidth / cell phone airtime / electricity / etc. people are using and sending out appropriate bills at the end of a month. Being asked to decide ahead of time whether I will want 5GB of storage, 30GB of storage, or 60GB of storage simply makes me think that Mozy's business model is dependent upon people paying for far more storage than they actually use.

The next suggestion I received (again, multiple times) was duplicity. This inspires rather more confidence than Mozy, but still has one critical limitation: It operates within the traditional model of "full backup + incremental backups" instead of a snapshotted model. This means that you can't delete a backup without making all the incremental backups taken after that point useless; I wouldn't be able to, for example, have hourly backups for the past week, daily backups for the past month, weekly backups for the past year, and monthly backups beyond that. It also slows down the process of recovering from the backups, since you would have to download the full backup and all of the incremental backups thereafter instead of simply restoring the latest snapshot directly.

The third popular suggestion I received was Box Backup. The "Programmers(sic) Notes" included are a bit difficult to understand; it sounds like boxbackup does use some very complicated magic with its "encrypted rsync" to allow some old bits of files to be removed, but I'm not sure if this includes intermediate versions of backed-up files or only the versions which are the oldest at the time. The later possibility is fine if you only really care about having a backup of the most recent version of everything, but it's not useful if you want (as I do) lots of recent backups but far less frequent older backups. Box Backup also leaks more information than I'm comfortable with; it allows the 0wner of the system on which the backups are being stored to identify

• The structure of the directory tree,
• The number of files in each directory,
• Approximately how large each file is, and
• Which files have been modified.

I'm probably far more paranoid about such things than most people; but I would not want an attacker to say "hey, Colin just updated /lib/libcrypto.so.4 on his server; there must be a new OpenSSL security vulnerability"; even worse, if I used Box Backup, such an attacker could likely figure out which files I had recently modified in /usr/src in order to narrow down his search for whatever unannounced bug I had just patched.

UPDATE: See my more recent post for a clarification about Box Backup.

In short, I'm still not aware of any utilities of services which satisfy my backup wants. Any other suggestions? Please let me know.

blog comments powered by Disqus