Ubuntu One needs cloud encryption like LastPass does it

[Jordon Bedwell]

On Thu, Apr 5, 2012 at 8:18 AM, Dale Amon <amon at vnl.com> wrote:
> On Wed, Apr 04, 2012 at 07:55:09PM -0400, Sam Smith wrote:
>>
>> I use "SpiderOak" because it offers client-side encryption. It provides the security & privacy I seek.
>>
>> I'd prefer to use Ubuntu One, but until it supports client-side AES 256-bit encryption & additionally encrypts the decryption key itself (like SpiderOak does) I won't even consider it.
>
> And rightly so. With the new NSA capabilities going into
> place and the atmosphere around the world, you are
> absolutely not safe in your privacy if it is possible
> for anyone to acquire your keys or decrypt your files
> without stealing your computer and beating or threatening
> the password out of you.
>
> I include various State's laws seizures and court orders
> under the classification of 'stealing and threatening'.

Encrypting the encryption key has nothing to do with security, you
guys are spreading FUD and assumptions now IMO.  Encrypting the key
has to do with usability, it's no more secure than having a single
encryption key that you have memorized and actually it's the same
concept except fragmented between you and the data... they still need
only attempt to break into a single file and then they have access to
all the other files... They encrypt your encryption key because it's
much more feasible to re-encrypt a single file then it is to
re-encrypt the entire set of fragmented data.  Whether on your
computer or not if you have gigabytes or hundreds of gigabytes of data
it could take quite a long time to re-encrypt it unless you have
dedicated crypto hardware. Then you have to re-upload all that data
again, wasting their bandwidth and wasting more space on their
servers.  This is why utilities just create a strong encryption key
for themselves and encrypt that file with your key.