[Box Backup] New openssl packages fix predictable random number generator

Peter Jalajas, GigaLock Backup Services boxbackup at boxbackup.org
Thu May 15 13:41:21 BST 2008


------=_Part_6685_26636333.1210855281671
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Thu, May 15, 2008 at 7:39 AM, Bjarne Carlsen <bjarne at mail2net.dk> wrote:

> <snip>
> The way I see it, we are defending against the usual suspects here: The
> malicious server operator, anyone from the outside able to gain
> privileges on the server and finally outright theft of the whole server.
> <snip>


The problem is, though, that a, if not _the_, fundamental design goal of
BoxBackup is the ability to survive such attacks on the server, I think.

>From very near the top of http://www.boxbackup.org/trac/ :   "The server is
trusted only to make files available when they are required - all data is
encrypted and can be decoded only by the original client. This makes it
ideal for backing up over an untrusted network (such as the Internet), or
where the server is in an uncontrolled environment."

------=_Part_6685_26636333.1210855281671
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Thu, May 15, 2008 at 7:39 AM, Bjarne Carlsen <<a href="mailto:bjarne at mail2net.dk">bjarne at mail2net.dk</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><snip></div>The way I see it, we are defending against the usual suspects here: The<br>
malicious server operator, anyone from the outside able to gain<br>
privileges on the server and finally outright theft of the whole server.<br><snip></blockquote><div><br>The problem is, though, that a, if not _the_, fundamental design goal of BoxBackup is the ability to survive such attacks on the server, I think. <br>
</div></div><br>From very near the top of <a href="http://www.boxbackup.org/trac/">http://www.boxbackup.org/trac/</a> :   "The server is trusted only to make files available when they are
required - all data is encrypted and can be decoded only by the
original client. This makes it ideal for backing up over an untrusted
network (such as the Internet), or where the server is in an
uncontrolled environment."<br>

------=_Part_6685_26636333.1210855281671--



More information about the Boxbackup mailing list