by hackerhasid 3344 days ago
I don't understand why they went through all this trouble of encrypting things client-side if they're just going to store the private key on their own servers! What actual benefit is there to this service? The fact that data is encrypted in-transit? I assume every backup provider does that via HTTPS/etc.!

The private key can be encrypted by a password, presumably this encryption is done client-side.

This means the data is also secure in their datacentre at rest. That is, until you provide Backblaze with your password to actually access your data.

Essentially, until you need the data that is backed up, no one can get to it.

My SSH keys are also protected by a passphrase, but you certainly won't find me uploading them to the Internet.
If it uses PBKDF2 with sufficient rounds and a decent password (say 5 words from Diceware), it should be perfectly safe to upload the keys.

Better to keep them offline and keep ownership of the key as a second factor certainly, but encrypted keys can be a fully acceptable single factor.
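
An added example, not part of the thread and not Backblaze's implementation: the client-side wrapping the comments describe, where the server stores only the wrapped record, plus a rough offline-guessing estimate for a Diceware passphrase. The function names, the 600000 iteration count and the attacker rate are assumptions; it uses Node.js's built-in `crypto` module.

```javascript
// Added example; all names and parameters below are assumptions.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 600000; // assumed PBKDF2 work factor, tune to your hardware

// Client side: encrypt the private key under a passphrase-derived key (KEK).
function wrapKey(privateKey, passphrase, iterations = ITERATIONS) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.pbkdf2Sync(passphrase, salt, iterations, 32, 'sha256');
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const ciphertext = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  // This record is all the server stores: no passphrase and no KEK.
  return { iterations, salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: returns the key, or null if the passphrase is wrong
// or the stored record was modified (GCM tag check fails).
function unwrapKey(record, passphrase) {
  const kek = nodeCrypto.pbkdf2Sync(
    passphrase, record.salt, record.iterations, 32, 'sha256');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Entropy in bits of `words` words chosen uniformly from a `listSize`-word list
// (the standard Diceware list has 6^5 = 7776 words).
function passphraseBits(words, listSize = 7776) {
  return words * Math.log2(listSize);
}

// Expected years to guess the passphrase offline from a leaked record.
// `roundsPerSecond` is the attacker's assumed PBKDF2-round throughput.
function expectedYears(bits, iterations, roundsPerSecond) {
  const expectedGuesses = Math.pow(2, bits - 1); // half the space on average
  return (expectedGuesses * iterations) / roundsPerSecond / (365.25 * 24 * 3600);
}
```

The estimate only holds for passphrases chosen at random; a human-picked password has far less entropy than its length suggests, and the iteration count then matters much more.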