[Osmium]

Tarsnap seems to rely pretty heavily on Amazon's infrastructure, so I'm guessing it won't support this? Which is a shame because I'd really like to use it, but can't afford to right now as an individual.

Arq seems really good at supporting a broad variety of cloud providers though, so hopefully they'll add this too. I'm hesitant to use cloud backups generally; I've never seen an audit of how secure Arq's backup scheme is, for example (though it seems pretty simple - https://www.arqbackup.com/s3_data_format.txt). I've used CrashPlan a lot and basically take it on faith that it's secure. It's probably good enough for my use, given that I'm not storing state secrets or anything, but it's still a little unsettling to 'lose control' of one's data.

From Backblaze's point of view, I guess this is either smart (diversifying themselves–people can use other backup software if they like, and Backblaze still profits) or less smart (turning themselves into a commodity), but it seems like their software is still first rate, so I guess it'll work for them.

[cperciva]

Tarsnap seems to rely pretty heavily on Amazon's infrastructure, so I'm guessing it won't support this?

I'll be taking a look at this of course, but there are things which are more important than price -- for example, reliability. Tarsnap users trust me to not lose their data, and I trust S3 to not lose their data. That's a trust I don't have in B2 yet -- first, simply because B2 hasn't been around for long enough to prove itself, and second based on what I've heard from former Backblaze users.

[Freaky]

> I've used CrashPlan a lot and basically take it on faith that it's secure

They use Blowfish. Says it all really - their default encryption is a long-obsolete 64-bit block cipher you might have picked in 1999 because it was faster than 3DES.

I can only assume they do this because migrating would cost them money, and being able to advertise "448 bit encryption" actually sounds like a plus to most people and not the glaring red flag it actually is.

> it seems like their software is still first rate

What, like their backup client that can't actually do restores? It's still all "log in to our website and let us decrypt your data for you" :/

[Osmium]

> They use Blowfish. Says it all really - their default encryption is a long-obsolete 64-bit block cipher you might have picked in 1999 because it was faster than 3DES.

Not defending it, because I know it's old and there are weaknesses, but aren't Blowfish and 3DES both still technically secure? This is a genuine question. It was my understanding that if implemented correctly, with a random key etc., that neither has been formally broken. 3DES is 2^112 no? which is still not practically accessible by brute force. Not that this means anyone should use them, of course, AES is a standard for a reason...

As you say, I had just assumed the migration cost was too high to move to something newer, but I don't think it necessarily means data stored there is unsafe?

[Freaky]

Sure, but it's not exactly putting them in a good light is it? Dressing up obsolete stuff as state of the art "same as your bank uses", while either being unwilling or unable to migrate to something more era-appropriate.

Calls into question their competence, their honesty and their architecture all at once.

[dragontamer]

Wait, what about Blowfish is insecure? BCrypt is built on top of Blowfish.

Blowfish supports key-lengths up to 448-bits. And I've never heard of a single criticism of the function. Its just kinda... less used than Rijndael because it didn't "officially" win the contest. But otherwise, it is a fine function.

EDIT: Confused Twofish with Blowfish in the AES finalists.

[Freaky]

Obsolete is not the same as insecure. But it is old, it does have its weaknesses, and there have been better options out there for a very long time. Why continue to use it? Is upgrading your crypto that difficult that you'd rather just leave it for another decade or two?

It also calls into question the nature of all the other crypto they're using - is that all >20 years old too? Still tuned for a world of 486's and 68040's?

[tedunangst]

The 64 bit block size is a (minor) problem if you're storing lots of data because you start seeing duplicates.

[Osmium]

Doesn't this depend on the mode of operation/block chaining? Or is it an issue regardless?