Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Safe app like Dropbox?

Jacob Appelbaum jacob at appelbaum.net
Sun Jan 6 13:47:51 PST 2013


John Adams:
> Why don't you just get around the problem entirely and use Dropbox's
> storage for encrypted disk images?
> 
> If you have data sufficiently encrypted, it doesn't matter how it's stored.

I generally agree that the data should be encrypted, though I think it
should also be authenticated and integrity checked before it is actually
used.

The main concern that I have is that an attacker pwning a Dropbox
account could tamper with encrypted files. I think that EncFS or
FileVault might not handle malformed disk images very well. I'm sure
this is true of any disk or file encryption program - most software is
pretty terrible when the attack surface is radically increased.

I also think most disk images are not actually that difficult to brute
force - I was involved in a project to perform FileVault bruteforcing
accelerated by an FPGA a few years ago. With a modern GPU, I think
things are pretty slanted toward the attacker.

In this - I rather like what I've read about SpiderOak but I haven't
seen a totally free implementation of the client or the server side...

All the best,
Jake



More information about the liberationtech mailing list