[liberationtech] Safe app like Dropbox?
Jacob Appelbaum
jacob at appelbaum.net
Sun Jan 6 13:47:51 PST 2013
John Adams:
> Why don't you just get around the problem entirely and use Dropbox's
> storage for encrypted disk images?
>
> If you have data sufficiently encrypted, it doesn't matter how it's stored.

I generally agree that the data should be encrypted, though I think it
should also be authenticated and integrity checked before it is actually
used.

The main concern that I have is that an attacker pwning a Dropbox
account could tamper with encrypted files. I think that EncFS or
FileVault might not handle malformed disk images very well. I'm sure
this is true of any disk or file encryption program - most software is
pretty terrible when the attack surface is radically increased.

I also think most disk images are not actually that difficult to brute
force - I was involved in a project to perform FileVault bruteforcing
accelerated by an FPGA a few years ago. With a modern GPU, I think
things are pretty slanted toward the attacker.

In this - I rather like what I've read about SpiderOak but I haven't
seen a totally free implementation of the client or the server side...

All the best,
Jake
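
The check the message asks for (authenticate an encrypted image before anything parses it) can be sketched as below. This is an added example, not part of the original message or of any tool it names; the `.hmac` sidecar file, the function names and the locally held MAC key are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

TAG_LEN = hashlib.sha256().digest_size


def image_tag(path, mac_key):
    """HMAC-SHA256 over the whole encrypted image, streamed in 1 MiB chunks."""
    mac = hmac.new(mac_key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            mac.update(chunk)
    return mac.digest()


def seal(path, mac_key):
    """Write the tag beside the image before it goes into the synced folder."""
    with open(path + ".hmac", "wb") as fh:
        fh.write(image_tag(path, mac_key))


def verify_before_use(path, mac_key):
    """True only if the image matches its tag; call before mounting or parsing."""
    try:
        with open(path + ".hmac", "rb") as fh:
            stored = fh.read(TAG_LEN + 1)
    except FileNotFoundError:
        return False  # a missing tag counts as tampering, not as "unchecked"
    return len(stored) == TAG_LEN and hmac.compare_digest(stored, image_tag(path, mac_key))


def demo():
    """Constructed sample: zero bytes stand in for an encrypted disk image."""
    key = os.urandom(32)  # assumption: the MAC key is kept locally, never synced
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "vault.img")
        with open(img, "wb") as fh:
            fh.write(b"\x00" * 4096)
        seal(img, key)
        intact = verify_before_use(img, key)
        with open(img, "r+b") as fh:  # simulate a one-byte change on the storage side
            fh.seek(100)
            fh.write(b"\x01")
        tampered = verify_before_use(img, key)
        os.remove(img + ".hmac")
        return intact, tampered, verify_before_use(img, key)
```

A tag stored beside the image does not detect rollback to an older, valid image and tag pair; catching that needs a version counter or the latest tag kept locally.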