Tarsnap is a backup service running with the slogan "Online backups for the truly paranoid".

The service has well earned its slogan as a secure backup option.

Created in 2006 by at the time FreeBSD's security officer Dr. Colin Percival, who was responsible for FreeBSD's security advisory.

Colin is not only a successful entrepreneur but also a dedicated FreeBSD user.

Colin has been getting his hands dirty with FreeBSD in the late 1990'ies when the firewall in his family house

running openbsd crashed due to disk failure. After changing the disk he did not manage to

figure out how to install OpenBSD so he went with FreeBSD. While studying for his doctrine, he got concern

about security, that led him to use freebsd where he later jumped on as FreeBSD security officer.

Being the FreeBSD's security officer gave him knowledge of security holes before anyone else did and

he needed a secure backup solution for storing his files. After some head scratching, he decided to

go the startup route and create his own backup solution. After getting several user requests about having

password-protected key storage, Collin created Tarsnap's secure cryptographical solution for

protecting keys called "Scrypt", which later got picked up by several opensource

projects such as the cryptocurrency project Litecoin.

Colin is a very intelligent and trustworthy person, to improve security when connecting

and staying connected between machines he creates spiped. Adding a layer of safety on top of just using regular

ssh, to mitigate attacks and weaknesses caused by OpenSSL.

Because scrypt has a heavy resource need, making it hard for attackers to crack, it became a more secure alternative then the standard hash functions we use in modern systems such as sha1 and md5.

The project started to growth and it was soon adopted by various larger companies

such as stripe.

If you are interested in finding and submitting bugs in Tarsnaps own code base, Colin has put up a Bug bounty

rewarding the people that find all kinds of bugs in the code base, a fun fact is that a majority of the security bugs

that gets submitted is not found by security researchers looking for holes but by average developers looking at

the functions in the code.

Today Tarsnap runs on a large set of different systems by a diverse crowd, providing secure storage of

data thanks to its stable code base and amazon s3.

Colin also donates Tarsnap's December profit to the opensource community sponsoring the FreeBSD foundation, the EuroBSD

conference, the bsdcan conference, bsdnow podcast and several other projects.

We are super happy to have Colin as a guest on Security Headlines!

External links:

https://github.com/Tarsnap/spiped

https://en.wikipedia.org/wiki/Tarsnap

https://en.wikipedia.org/wiki/Scrypt

https://www.Tarsnap.com/spiped.html

https://www.Tarsnap.com/kivaloo.html

https://github.com/Tarsnap/spiped

https://www.Tarsnap.com/open-source.html

https://github.com/mendsley/bsdiff

https://en.wikipedia.org/wiki/Paul_Graham_(programmer)

Stay up to date at:

https://blog.firosolutions.com