
BLU Discuss list archive



Speaking of on-line/cloud storage... Wuala



On Apr 25, 2011, at 11:22 AM, Ian Stokes-Rees wrote:
> 
> Can someone either give the 30 second version of security shortcomings
> in Dropbox, or point me to something which describes this?  I'm
> interested in understanding this better.

Dropbox has master keys for everything.  If the FBI knocks on Dropbox's door and demands your files, Dropbox can and will provide those files.

Wuala has no master keys.  Same basic security model used by Carbonite.


All Dropbox storage encryption happens server-side.  Dropbox relies on the security of SSL when authenticating and when moving files between S3 buckets and clients.

All Wuala storage encryption happens client-side.  Encryption keys are never sent over the wire.


Both Wuala and Dropbox are potentially vulnerable to client-side exploit.  To wit, someone steals your notebook, he has your files.


On a Cryptree, if you change one bit of a file and then save it, that looks like a new file to the Cryptree (same with a file in the Dropbox folder, by the way).  This entire file needs to be synchronized.  This is more efficient than a monolithic volume system like TrueCrypt but is also a little weaker.  An analyst can see which files on a Cryptree are modified and the times of these modifications.

--Rich P.
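
The last point in the message above (per-file client-side encryption hides contents but not which objects change or when), shown as an added example that is not part of the original post and is not Wuala's or Dropbox's code. The cipher is a SHA-256 counter-mode stand-in, and the names `Client`, `sync`, `observer_diff` and the sample files are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); XOR, so it also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)


class Client:
    """Encrypts each file separately; the key never leaves this object."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # path -> plaintext digest, kept locally only

    def sync(self, files: dict, server: dict, now: int) -> None:
        for path, data in files.items():
            digest = hashlib.sha256(data).digest()
            if self.seen.get(path) == digest:
                continue  # unchanged file: nothing is uploaded
            # Opaque object id: the server never learns the file name.
            oid = hmac.new(self.key, path.encode(), hashlib.sha256).hexdigest()[:16]
            nonce = os.urandom(16)
            # Any change, even one bit, re-uploads the whole file under a new nonce.
            server[oid] = (nonce + stream_encrypt(self.key, nonce, data), now)
            self.seen[path] = digest


def observer_diff(before: dict, after: dict) -> list:
    """What a keyless observer of the storage learns: (object id, time, size)."""
    return sorted((oid, after[oid][1], len(after[oid][0]))
                  for oid in after if before.get(oid) != after[oid])


if __name__ == "__main__":
    server, client = {}, Client(os.urandom(32))
    files = {"notes.txt": b"A" * 100, "taxes.ods": b"B" * 5000}  # constructed sample
    client.sync(files, server, now=1000)
    snapshot = dict(server)
    files["taxes.ods"] = b"C" + files["taxes.ods"][1:]  # change one byte
    client.sync(files, server, now=2000)
    print(observer_diff(snapshot, server))  # one object, time 2000, full size
```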






