Security Announcement
On 13th May, 2008, the Debian Project announced a vulnerability in their OpenSSL package. See the announcement for more information.
This page attempts to explain how this may affect users of Box Backup using Debian systems.
First and foremost, Box Backup users who generated their certificates/keys on affected Debian systems should consider the security of their backups compromised. The server admin or anyone able to deduce the private key of a server or client certificate could have read your data.
If the PRNG in your OpenSSL was insufficiently random, you need to:
- Regenerate all affected certificates, which have been generated or signed on an affected system
- Regenerate all the data keys (*-FileEncKeys.raw)
- Destroy the data stored on your server to an appropriate level of security (overwrite with zeros at the least, more if you're paranoid)
- Upload everything again
- Take appropriate measures under the assumption that you have been storing your data in plain text on a public server without authentication.
You need only worry about the systems where:
- The certificates were generated or signed
- The .raw keys were generated
- The client which backed up data
If your server has this flaw, but no key material or signing was done on it, you should be fine.
If your certificates are weak but the .raw keys are fine, assume that your data has not been read, but that an attacker logged in and corrupted your backups. Destroy the data and start again.
If your certificates are fine[1] but a client's .raw file isn't OR an affected client backed up data, just destroy data for that client and restart with that client. Assume that client's data has been exposed to the server admin, but not the outside world.
[1] Meaning that all cryptographic operations were done on an unaffected machine, including the generation of the client certificate keys before signing elsewhere.