More about Box Backup

In a pair of earlier posts here, I described my ideal backup system (which does not yet exist) an some of the problems I see with existing systems. Ben Summers, the author of Box Backup contacted me recently to ask that I clarify my earlier comments about Box Backup.

In particular, I wrote that "the 0wner of the system on which the backups are being stored [can] identify ... which files have been modified". As a FreeBSDer, I meant "file" to mean "stream of bytes associated with an inode on disk" -- not the directory entry which points at it. To repeat: Box Backup does not directly allow someone with access to the storage device to directly obtain the names of files.

Nevertheless, my point concerning my personal paranoia remains: If an intelligent attacker sees a file which is 996688 bytes inside a directory containing 26 other files and one subdirectory, he'll be able to guess that he's looking at /lib/

Posted at 2007-01-12 23:00 | Permanent link | Comments
blog comments powered by Disqus

Recent posts

Monthly Archives

Yearly Archives