Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] AeroFS

> From: Mike Small [mailto:smallm at panix.com]
> Sent: Sunday, April 20, 2014 11:20 AM
> 
> How do you examine closed source crypto?

Actually, here's a real good point:  I did /not/ read the Truecrypt or Keepass source, in order to determine their strengths and weaknesses.  I know from documentation and the interface, what standard crypto libraries they're using, what sources of random they are using, and how strong it all is.  I know they're storing ciphertext on disk, and the weakpoint of Truecrypt is the password.

I know the weakpoint in dropbox is the password.  They are using AES 256 encryption at rest, which is strong, except for the fact that they know your password and therefore you have security *only* to the extent that all of their employees want you to, and haven't been hacked or coerced by the government, don't have any disgruntled former employees, etc.

I'm a fan of this "never give your password to anyone" idea.  As described in the "Good and Bad Crypto" thread.
BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix / webmaster@blu.org