Server update
About 40 minutes ago, at 11:45 PM EST on June 23, the server that I believe the FBI took during the DigitalOne raid came back online for the first time.
The logs indicate that it was not booted into its OS during the time it was missing.
DigitalOne has still said nothing about the raid to me, but my best guess is that the FBI did have physical possession of the server for this period. If so, they could have copied the data from the drives without booting from them and without leaving evidence of the copy.
Since it was returned so quickly, it’s likely that they determined that it wasn’t part of their target group and wanted to avoid any problems that could have resulted from its continued seizure. While they could have copied the data for future analysis, I believe it’s unlikely that they would have reason to do so. Regardless, I have no way to know what they did (or didn’t do) with it.
For whatever it’s worth, I have deleted the code, data, and keys from the server and asked DigitalOne to cancel my account immediately. I’m not convinced that they did everything they could to prevent the seizure of non-targeted servers, and their lack of proactive communication with the affected customers is beneath the level of service I expect from a host.
Many commenters and emailers have taught me that bcrypt and scrypt are better than salted SHA-1 hashes for password storage, so I’m researching them and will begin load-testing with them next week. If all goes well, I’ll deploy one of them and migrate all subsequent logins and password changes away from salted SHA-1 hashes.
I appreciate the outreach from people wanting to help me fight the FBI or DigitalOne somehow, but that’s honestly the last thing I’d want to do. Even if money were no object, I can’t afford the time or the stress, I’m not looking for any sort of reimbursement, and nothing they say would absolutely assure me (or even the slightest skeptics) that they had zero copies of the data.
I have a great product to maintain, expand, and improve, and there’s nothing I’d rather do than get back to work doing what I love.
