Show HN: I made tarbackup.com for you, what do you think?

Your Git repo doesn't inspire confidence for usage by the public at large. If you want to continue using it, I would recommend that you change it over to friends-and-family access while you improve it.<p>A few things that don't impress me right off the bat:<p><pre><code> * text file for queue of users to create * not accepting passwords with non-alphanumeric characters (and also not having the knowledge to recognize a use case for a regular expression) * using a static salt </code></pre> To be honest, I just stopped looking at this point. That's all without actually looking at the front-end of it (which has several typos, by the way -- when you're selling yourself to a very large audience, every detail counts).

From your "how to use" page:<p><pre><code> # echo mysupersecretkey &#62; /backups/key # openssl enc -aes-256-cbc -salt -in fullbackup.tar.gz \ -out fullbackup.tar.gz.enc -pass file:/backups/key </code></pre> Please don't do this. openssl -aes-256-cbc is <i>not</i> a strong key derivation algorithm, so you need to use keys with much higher entropy (dd if=/dev/random of=/backups/key); an attacker can run through a dictionary of common passwords ridiculously quickly, thousands of times faster than when you're using a proper key derivation algorithm, e.g. bcrypt/scrypt/PBKDF2 to generate the key. If you do want to derive it from something akin to a password.<p>More seriously, openssl -aes-256-cbc does not do any integrity protection; in fact, an attacker can more or less flip any bits of his choosing in the ciphertext to flip those same bits in the plaintext. (Yes, I'm aware it's a tiny bit more complicated than that.)<p>It <i>is</i> possible to fix both of the above, but may I recommend gpg --symmetric as a simple and reasonably secure alternative?

See: tarsnap.com

I see that you are passionate about this.<p>After I wrote a paragraph about how you could use the hardware for a shell server, static (octopress/jekyll) website hoster etc. I realised, that free backups are actually really awesome.<p>For people who cannot afford another service or dont have access to a credit card or else. Also fpr my most important data like code as a second backup if all goes wrong.<p>Thanks for the service, I will probably actually use it.<p>But it being a fun project and only behind 5mbit upload, this is obviously not a professional solution or could be offered for money.

Thanks! I understand what this service is: free "cloud" backup, no guarantees. I have no problem with the latter part, given the former part. I'll use it accordingly and appreciate your gift.