BackupPC-users

Re: [BackupPC-users] Backing up a BackupPC server

2009-06-04 11:42:54
Subject: Re: [BackupPC-users] Backing up a BackupPC server
From: "Jeffrey J. Kosowsky" <backuppc AT kosowsky DOT org>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Thu, 04 Jun 2009 11:17:43 -0400
Les Mikesell wrote at about 10:02:34 -0500 on Thursday, June 4, 2009:
 > Jeffrey J. Kosowsky wrote:
 > > 
 > > As I proved in my earlier post, the chance of a collision on even a
 > > Petabyte sized pool is about 1 in 10^38. 
 > 
 > Note that we've all gotten used to trusting tcp crcs for error detection 
 > and it's probably much weaker.
 > 
 > However, it would still be disturbing to realize that your backup 
 > integrity could be compromised by anyone with access to the files. 
 > Consider a scenario where a disgruntled employee who still has access to 
 > files first prepares the 'evil twin' file with the hack to force an md5 
 > value and puts it somewhere that the backup system will find it.  Later 
 > he makes the matching alteration to critical files in a way that doesn't 
 > break normal use.  Then he waits for any backups of the unaltered data 
 > to expire, then destroys the working copies and leaves.
 > 
 > Assuming it's your job to restore a working copy, what happens next?

I would assume that if such a "disgruntled" employee has *write*
access to critical files, then surreptitiously modifying a few backup
copies would be the least of your worries. He could much more easily
and reliably make other non-detectable changes to the same critical
files that would be much more guaranteed to create damage than to hope
that some day there would be a crash of the system requiring a restore
of the corrupted pool file. And if an employee was so skilled as to know
how to manipulate the block architecture and md5sum hash of the backup
system, then he surely would be talented enough to come up with many
more serious, evil, and probably less detectable ways of causing
damage.
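
Added example (not part of the original message and not BackupPC's code): the restore failure in the scenario Les Mikesell describes, next to a pool that confirms a digest match with SHA-256 before deduplicating. The class and function names are hypothetical, and the pool key is MD5 truncated to one byte, an assumption made so that constructed inputs collide without any real MD5 collision.

```python
import hashlib

def pool_key(data: bytes, nbytes: int = 16) -> str:
    # MD5 truncated to nbytes (16 = full MD5). Truncation is a demo device only.
    return hashlib.md5(data).digest()[:nbytes].hex()

class DigestOnlyPool:
    """Dedups on the pool key alone: the first file stored under a key wins."""
    def __init__(self, nbytes=16):
        self.nbytes, self.files = nbytes, {}
    def store(self, data):
        key = pool_key(data, self.nbytes)
        self.files.setdefault(key, data)
        return key
    def restore(self, ref):
        return self.files[ref]

class VerifyingPool:
    """Dedups only when SHA-256 also matches; a colliding file gets its own slot."""
    def __init__(self, nbytes=16):
        self.nbytes, self.chains, self.collisions = nbytes, {}, []
    def store(self, data):
        key = pool_key(data, self.nbytes)
        strong = hashlib.sha256(data).hexdigest()
        chain = self.chains.setdefault(key, [])
        for idx, (seen, _) in enumerate(chain):
            if seen == strong:
                return (key, idx)        # genuine duplicate, safe to share
        if chain:
            self.collisions.append(key)  # same key, different content: worth an alert
        chain.append((strong, data))
        return (key, len(chain) - 1)
    def restore(self, ref):
        key, idx = ref
        return self.chains[key][idx][1]

def colliding_pair():
    # Constructed inputs: with a 1-byte key, 257 distinct inputs must contain a collision.
    seen = {}
    for i in range(257):
        data = b"constructed sample %d" % i
        key = pool_key(data, 1)
        if key in seen:
            return seen[key], data
        seen[key] = data

def demo():
    twin, original = colliding_pair()    # the twin reaches the pool first
    naive, safe = DigestOnlyPool(1), VerifyingPool(1)
    naive.store(twin); ref_naive = naive.store(original)
    safe.store(twin); ref_safe = safe.store(original)
    return naive.restore(ref_naive) == original, safe.restore(ref_safe) == original, safe.collisions
```
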
