Ubuntu One needs cloud encryption like LastPass does it
Paul Smith
paul at mad-scientist.net
Fri Apr 6 01:18:37 UTC 2012
On Fri, 2012-04-06 at 01:41 +0100, Dale Amon wrote:
> I do not know the details, so I will ask: is it the case that:
All we can know for sure is the way the system is DOCUMENTED to work, as
I said in my other email.
> * The user crypto key is generated on
> the user machine.
Yes.
> * The password for the user key is set on
> the user machine and never leaves it.
Yes. Well, the passphrase is in your head obviously, so of course it's
available wherever your head is.
> * The user crypto key never leaves their
> machine(s).
No, I believe they upload the generated key to the server, after it's
been encrypted with your passphrase.
> * The user's password for their crypto key
> is never used outside the confines of their
> local machine.
Yes, as long as you don't use their website to access your content and
only use the local tool.
> * The data is fully encrypted on the user
> machine and only encrypted data transits
> the net and sits on the storage server.
Yes.
> * The encryption algorithm is such that
> no key except the one on the user's
> machine can decrypt the remotely stored
> data.
Yes.
> If the statement made in the other reply is true, and you can
> 'retrieve your data from any internet device' then it is patently
> obvious that data security *is* violated.
Why is it "patently obvious"? I'm sure when they say "any internet
device" they don't mean devices that do not have access to the secure
tokens necessary to decrypt the content. They mean a device that has
internet access (so it can retrieve the encrypted content from the
server), and where you can enter your passphrase to decrypt it.
Even if they did not upload the crypto key, that doesn't mean that you
couldn't have it with you on a USB key or something, and still access
your data from "any internet device".
I'm sure that they felt that forcing you to keep both the passphrase AND
the crypto key yourself was simply not a commercially viable solution
for the general public. It would be nice if they offered an option
(with appropriate cautions) to not upload the keys at all, I agree.
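Added example, not part of the original message and not the code of any service discussed in it: a sketch of the scheme described above, where a key generated on the user's machine is encrypted under a passphrase-derived key before it is uploaded. The function names, the PBKDF2 work factor and the HMAC-SHA256 pad (a stand-in for a real key-wrap cipher such as AES, which the Python standard library lacks) are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def _derive(passphrase, salt):
    """Stretch the passphrase into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _mac(mac_key, blob):
    return hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()

def wrap_key(data_key, passphrase):
    """Client side: build the blob that is uploaded; the server stores only this."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    # Stand-in cipher: one HMAC-SHA256 output used as a one-time pad for the key.
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    blob = {"salt": salt, "nonce": nonce, "ct": bytes(a ^ b for a, b in zip(data_key, pad))}
    blob["tag"] = _mac(mac_key, blob)
    return blob

def unwrap_key(blob, passphrase):
    """Any device: download the blob, enter the passphrase, recover the key."""
    enc_key, mac_key = _derive(passphrase, blob["salt"])
    if not hmac.compare_digest(_mac(mac_key, blob), blob["tag"]):
        raise ValueError("wrong passphrase or modified blob")
    pad = hmac.new(enc_key, blob["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def demo():
    data_key = os.urandom(32)  # generated on the user's machine
    server_copy = wrap_key(data_key, "constructed sample passphrase")
    recovered = unwrap_key(server_copy, "constructed sample passphrase")
    try:
        unwrap_key(server_copy, "some other passphrase")
        rejected = False
    except ValueError:
        rejected = True
    return recovered == data_key, rejected

if __name__ == "__main__":
    print(demo())
```

Because the uploaded blob can be tested against passphrase guesses offline by anyone who holds it, the protection of the stored key is bounded by the strength of the passphrase and the cost of the key-derivation step.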