

Cyphertite: 8 GB free encrypted backup with CLI client for Linux and Windows - iamthedata
https://www.cyphertite.com/

======
dchest
Oh, these are the guys that are confused about XTS mode[1], thinking it was
designed for protecting "bulk data". See my wonderful exchange with them on
Twitter:

[https://twitter.com/Cyphertite/status/450616668126203904](https://twitter.com/Cyphertite/status/450616668126203904)

[https://twitter.com/Cyphertite/status/450616106001399808](https://twitter.com/Cyphertite/status/450616106001399808)

which ended up with them calling me "some jerk on twitter who has nothing
better to do than talk shit".

[https://twitter.com/Cyphertite/status/450623654288969728](https://twitter.com/Cyphertite/status/450623654288969728)

—

[1] See tptacek's post explaining XTS:
[http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/](http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/)

~~~
discardorama
I keep seeing this in your blog post: "Attackers could [rewrite] /bin/ls into
a bindshell."

What does that mean? And how is it related to disk encryption?

~~~
aroch
Bindshells are shells that are bound to a port, see Wiki for a brief
explanation[1]. Basically, without authentication you have no way of knowing
that the `ls` you backed up is the same `ls` you get back out. If your remote
backup is compromised and uses XTS, it's possible for someone to own you by
replacing an oft-used binary that when run gives them a remote shell.

[1]
[https://en.wikipedia.org/wiki/Shellcode](https://en.wikipedia.org/wiki/Shellcode)

On the other hand, if the attacker needs to create the connection, the
shellcode is called a bindshell because the shellcode binds to a certain port
on which the attacker can connect to control it.
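
The restore-time check described above, as an added example that is not part of the thread and is not Cyphertite's code or storage format: each stored chunk carries an HMAC bound to its path, position and chunk count, so a chunk changed on the server is rejected before the file is written back. The function names, chunk size and sample bytes are constructed for illustration, and the chunks stand in for whatever ciphertext the client uploads.

```python
import hashlib
import hmac

CHUNK = 16  # tiny constructed chunk size so the sample spans several chunks


def _tag(key, path, index, total, chunk):
    # Bind each tag to path, position and chunk count so stored chunks cannot
    # be modified, swapped, taken from another file, or dropped unnoticed.
    header = f"{path}\x00{index}\x00{total}\x00".encode()
    return hmac.new(key, header + chunk, hashlib.sha256).digest()


def seal(key, path, data):
    """Client side, before upload: split into chunks and tag each one."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    return [(c, _tag(key, path, i, len(chunks), c)) for i, c in enumerate(chunks)]


def restore(key, path, stored):
    """Client side, after download: return the bytes or raise ValueError."""
    if not stored:
        raise ValueError(f"{path}: no chunks returned")
    for i, (chunk, tag) in enumerate(stored):
        expected = _tag(key, path, i, len(stored), chunk)
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"{path}: chunk {i} failed authentication")
    return b"".join(chunk for chunk, _ in stored)


def tamper_results():
    """Alter a constructed sample three ways; True means restore() refused it."""
    key = hashlib.sha256(b"constructed demo key").digest()
    stored = seal(key, "/bin/ls", b"constructed stand-in for the bytes of /bin/ls")
    c1, t1 = stored[1]
    cases = {
        "bit flip": [stored[0], (bytes([c1[0] ^ 1]) + c1[1:], t1), stored[2]],
        "chunk swap": [stored[1], stored[0], stored[2]],
        "truncation": stored[:-1],
    }
    results = {}
    for name, case in cases.items():
        try:
            restore(key, "/bin/ls", case)
            results[name] = False
        except ValueError:
            results[name] = True
    return results
```

The MAC key has to stay on the client and be separate from the encryption key; a tag the storage side can recompute authenticates nothing.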

------
newscracker
There are a few reasons why many people would not (or should not) use
Cyphertite:

* It's been such a long time in development and there's still no client for OS X. Building from source should be an option, not the only way, if this is ever meant for mass adoption.

* There's no information about accessing backup files from mobile devices.

* Most importantly, unless you have more than 100GB of data to back up, you're better off with the premium plan (enterprise segment) than the expensive personal plan where you would get a lot less in return.[1] I had pointed this out to them a year or two ago, but there's been no change and this structure does not make sense for the section of home users who may have only a few tens of GBs to back up.

[1]:
[https://www.cyphertite.com/plans.php](https://www.cyphertite.com/plans.php)

------
2bluesc
More technical links for those interested:

[https://opensource.conformal.com/wiki/cyphertite](https://opensource.conformal.com/wiki/cyphertite)

[https://github.com/conformal/cyphertite](https://github.com/conformal/cyphertite)

~~~
iamthedata
Also a good tutorial with examples: [Getting Started with Cyphertite Remote
Backup](http://blog.calyptix.com/2012/04/getting-started-with-cyphertite-remote.html)

------
gherkin
How is this different to Tresorit
([https://tresorit.com/](https://tresorit.com/))?

~~~
jonathonf
Linux client, and the client source code is also available.

~~~
gherkin
Tresorit has a Linux client:

[https://tresorit.com/download/linux](https://tresorit.com/download/linux)

