They generate a public/private key pair for the user. The client gets the public key and the server gets the private key. During backups the data is encrypted on the client with a symmetric key (which I believe is generated on the client). The encrypted data is sent to the server. The symmetric key is encrypted using the public key and also sent to the server.
On a restore they use the private key on the server to decrypt the encrypted symmetric key, use that key to decrypt the backup data, and then make the decrypted files available in a zip file that the user can download. The download is over HTTPS so is encrypted in transit.
If you don't like the idea of them having such access to your private key, they do offer an option to add additional protection [1]:
> The user’s private key which is stored safely in our data center is protected by a password that is highly guarded. But for some users this is not good enough and we allow the user to secure this file with their own password. When this is done it is impossible to access the data without the user’s password. Unfortunately, this also means we can’t help the user if they ever forget this password so we don’t recommend it for most users.
If you do that then when you restore you have to enter that password on their site when requesting the restore, so their server can decrypt the private key.
They give some more detail in their "Security Question Round-up!" [2]:
> The answer shows a weak point in the Backblaze system. As you prepare a restore, you must type in your private passphrase into the restore server. This is not written to disk, but held in RAM and for the period of time of decrypting all your files, and they are then stored in "clear text" on our very highly secured servers until they are ZIPPED up and offered to you to be downloaded. At that moment you can download them (by HTTPS only), then you can "delete the restore zip" which means you close the window of time that your files are available in plain text.
> So to recap: if you never actually prepare a restore, we cannot possibly know what is in your files, but if you prepare a restore (let's say of a few files) then for the couple minutes they are being prepared and downloaded they are in "plain text" on a HIGHLY SECURE system in the Backblaze datacenter. At that moment, if a Backblaze employee were malicious enough and dedicated enough and was watching (which is actually pretty hard, we get thousands of restores every day so it would fly by quickly) they could see your filenames appear on the Linux servers right before they are ZIPPED up into a new bundle. A few minutes of exposure.
> We actually want to improve this to provide a password encrypted ZIP file for download, and then the FINAL improvement is to actually allow you to download the private encryption key, download the encrypted files, and provide the pass phrase in the privacy of your computer. We hope to add this functionality in the future.
[1] https://www.backblaze.com/blog/how-to-make-strong-encryption...
[2] https://help.backblaze.com/hc/en-us/articles/217664798-Secur...
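
The scheme described in this comment, as an added Node.js sketch; it is not Backblaze's code and not part of the original comment. The primitives (RSA-2048 with OAEP, AES-256-GCM for the data, AES-256-CBC protection of the private key) and all function names are assumptions, since the comment does not say which algorithms are used.

```javascript
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Provider generates the user's key pair. With the optional user passphrase,
// the private key exists at rest only in passphrase-encrypted form.
function makeUserKeys(passphrase) {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Client: encrypt the data with a fresh symmetric key, then wrap that key
// with the public key. The client never needs the private key to back up.
function clientBackup(publicKeyPem, plaintext) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    iv, ciphertext, tag: cipher.getAuthTag(),
    wrappedKey: nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey),
  };
}

// Server: a restore needs the passphrase typed into the restore page. The value
// returned here is plaintext on the server, the exposure window the quoted answer describes.
function serverRestore(encryptedPrivateKeyPem, passphrase, backup) {
  const dataKey = nodeCrypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase, ...OAEP }, backup.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, backup.iv);
  decipher.setAuthTag(backup.tag);
  return Buffer.concat([decipher.update(backup.ciphertext), decipher.final()]);
}

// Constructed sample data, not real backup content.
const keys = makeUserKeys('constructed example passphrase');
const backup = clientBackup(keys.publicKey, Buffer.from('contents of notes.txt'));
console.log(serverRestore(keys.privateKey, 'constructed example passphrase', backup).toString());
try {
  serverRestore(keys.privateKey, 'wrong passphrase', backup);
} catch (err) {
  console.log('restore without the right passphrase fails:', err.code || err.message);
}
```

Moving `serverRestore` to the user's own machine, with the encrypted private key and encrypted files downloaded, corresponds to the "FINAL improvement" mentioned in the last quoted paragraph.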