John Adams: > Why don't you just get around the problem entirely and use Dropbox's > storage for encrypted disk images? > > If you have data sufficiently encrypted, it doesn't matter how it's stored.
I generally agree that the data should be encrypted, though I think it should also be authenticated and integrity checked before it is actually used. The main concern that I have is that an attacker pwning a Dropbox account could tamper with encrypted files. I think that EncFS or FileVault might not handle malformed disk images very well. I'm sure this is true of any disk or file encryption program - most software is pretty terrible when the attack surface is radically increased. I also think most disk images are not actually that difficult to brute force - I was involved in a project to perform FileVault bruteforcing accelerated by an FPGA a few years ago. With a modern GPU, I think things are pretty slanted toward the attacker. In this - I rather like what I've read about SpiderOak but I haven't seen a totally free implementation of the client or the server side... All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
