Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Safe app like Dropbox?

John Adams jna at
Mon Jan 7 14:20:28 PST 2013

On Sun, Jan 6, 2013 at 1:47 PM, Jacob Appelbaum <jacob at> wrote:

> I generally agree that the data should be encrypted, though I think it
> should also be authenticated and integrity checked before it is actually
> used.

If this level of paranoia is relevant to you, then maintain multiple
offline SHA, MD5, and other checksum formats before use.

It would be trivial to script this outside of Dropbox's scope.

> I also think most disk images are not actually that difficult to brute
> force - I was involved in a project to perform FileVault bruteforcing
> accelerated by an FPGA a few years ago. With a modern GPU, I think
> things are pretty slanted toward the attacker.

Saying that it's possible to break all encryption, all the time, is a
non-answer and doesn't address practical uses of cryptography. It also
creates an environment of fear for casual users. In the case of pure AES
(and not putting reliance on flaws in the implementation of systems like
Filevault), a reasonable attack on the algorithm still doesn't exist. (see:

What the user needs to do is to measure acceptable risk and weigh that
against the encryption system being used. It's also relevant to know the
validity of the information and the required amount of time it takes to
break the file. If you said 'meet me here next week' and it takes three
weeks to break AES-256, then I don't really care if you find out where I
was weeks ago.

> In this - I rather like what I've read about SpiderOak but I haven't
> seen a totally free implementation of the client or the server side...

I haven't looked at it, but I'd like to.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list