[liberationtech] Safe app like Dropbox?
Julian Oliver
julian at julianoliver.com
Mon Jan 7 14:48:24 PST 2013
..on Mon, Jan 07, 2013 at 02:20:28PM -0800, John Adams wrote:
> On Sun, Jan 6, 2013 at 1:47 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>
> > I generally agree that the data should be encrypted, though I think it
> > should also be authenticated and integrity checked before it is actually
> > used.
> >
>
> If this level of paranoia is relevant to you, then maintain multiple
> offline SHA, MD5, and other checksum formats before use.
>
> It would be trivial to script this outside of Dropbox's scope.
>
>
> > I also think most disk images are not actually that difficult to brute
> > force - I was involved in a project to perform FileVault bruteforcing
> > accelerated by an FPGA a few years ago. With a modern GPU, I think
> > things are pretty slanted toward the attacker.
> >
>
> Saying that it's possible to break all encryption, all the time, is a
> non-answer and doesn't address practical uses of cryptography. It also
> creates an environment of fear for casual users.

Well said! Context is more important than the generalised fear of The
Vulnerability.

As long as people are entirely dependent on the discreditations of 'security
experts' they're not making decisions, in local knowledge, for themselves.
Hence, experts can even put people at greater risk.

The 'security' of any service, method or protocol is always relative to the
context it is used within. Crudely put, two friends chatting loudly in a street
parade may carry less risk of eavesdropping than sending a 4096 bit GPG
encrypted email from one host on the Internet to another.

Cheers,
--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
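
The offline checksum scripting mentioned in the quoted exchange above, as an added example that is not part of the original thread: it records SHA-256 digests of a synced folder in a manifest, authenticates the manifest with an HMAC, and checks both before the files are used. The function names, the single hash algorithm, the HMAC key held outside the synced folder and the sample files are all assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of a file, read in chunks so large disk images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, key):
    """Map relative path -> digest, plus an HMAC tag over the canonical JSON."""
    files = {}
    for d, _, names in os.walk(root):
        for n in names:
            p = os.path.join(d, n)
            files[os.path.relpath(p, root)] = digest(p)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(root, manifest, key):
    """Return a sorted list of problems; an empty list means nothing changed."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Check the manifest itself first: unkeyed checksums stored next to the
    # data can be rewritten by whoever rewrote the data.
    if not hmac.compare_digest(expected, manifest["tag"]):
        return ["manifest: bad tag"]
    current = build_manifest(root, key)["files"]
    problems = []
    for path, want in manifest["files"].items():
        if current.get(path) != want:
            problems.append(("modified: " if path in current else "missing: ") + path)
    problems += [f"unexpected: {p}" for p in current if p not in manifest["files"]]
    return sorted(problems)

def demo():
    """Constructed sample files in a temp dir standing in for a synced folder."""
    key = b"constructed-demo-key"  # assumption: the real key is kept offline
    with tempfile.TemporaryDirectory() as root:
        Path(root, "notes.txt").write_bytes(b"hello")
        Path(root, "disk.img").write_bytes(b"\x00" * 32)
        manifest = build_manifest(root, key)
        clean = verify(root, manifest, key)
        Path(root, "notes.txt").write_bytes(b"hello!")  # changed after the manifest
        Path(root, "extra.bin").write_bytes(b"x")       # file not in the manifest
        tampered = verify(root, manifest, key)
        forged = verify(root, dict(manifest, tag="0" * 64), key)
    return clean, tampered, forged
```
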