Hi Steve,
thanks so much for your feedback. We will change the AES implementation
asap, and Stanford's JS Crypto is a perfect candidate. Thanks for
pointing it out.
We have looked at the SecureDocs project, but the code on their website only
works with old Firefox versions. Do you know whether the authors plan to
release a new version according to the SPCC 2012 paper?
Kind regards,
Carmela
On 14/04/2013 1:09, Steve Weis wrote:
Hi. SafeGDocs appears to use an unsafe implementation of AES-CTR mode
from here:
http://www.movable-type.co.uk/scripts/aes.html
Two problems with this library:
- It generates a predictable CTR mode IV using time of day.
- There is apparently no authentication of the ciphertext, which in
CTR mode means you can trivially modify messages.
The SafeGDocs overlay.js that calls the Movable Type AES library has
been minified for no apparent reason. I didn't bother to unminify it
to look at it.
This similar project, SecureDocs, happens to use the same library, but
only for a key derivation function. They're using Stanford's JS Crypto
for the actual encryption: http://www.mightbeevil.com/securedocs/
I haven't looked at SecureDocs in depth, but Nate Lawson gave it a
thumbs up:
http://rdist.root.org/2011/05/09/encrypted-google-docs-done-well/
On Sat, Apr 13, 2013 at 8:12 AM, Michael Rogers
mich...@briarproject.org wrote:
Original Message
Date: Mon, 08 Apr 2013 11:03:51 +0200
From: Carmela Troncoso ctronc...@gradiant.org
To: p...@lists.links.org
Hello everybody,
in the last year we have been developing at Gradiant
(http://www.gradiant.org/en.html) a Firefox addon that allows users to
easily encrypt and share documents in Google Drive in such a way that
data is not accessible to the service provider. We are now releasing a
version and would love to have the feedback of the community both about
its usability and security.
You can download the addon here:
http://www.safegdocs.com/en/home.html
and find the associated academic papers here:
http://www.gradiant.org/images/stories/2010_cloudviews_googledocsprivacy.pdf
http://www.gradiant.org/images/stories/sharing_secure_documents_in_the_cloud.pdf
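
The two problems listed in Steve Weis's message above (a clock-derived CTR IV and no ciphertext authentication), shown beside an authenticated mode using Node.js's built-in crypto module. This is an added example, not code from SafeGDocs, the Movable Type library or anyone in the thread; clockIv is a simplified stand-in rather than that library's actual IV construction, and the key, messages and timestamp are constructed.

```javascript
// Added example, not SafeGDocs or Movable Type code; all names and data are constructed.
const crypto = require('node:crypto');
const key = crypto.randomBytes(16);

// Unauthenticated AES-CTR: decryption has no way to notice a modified ciphertext.
function ctr(data, iv) { // CTR encryption and decryption are the same operation
  const c = crypto.createCipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Simplified stand-in for a clock-derived IV (assumption: 8-byte ms timestamp, zero padded).
function clockIv(ms) {
  const iv = Buffer.alloc(16);
  iv.writeBigUInt64BE(BigInt(ms));
  return iv;
}

// AES-GCM with a random 96-bit nonce; output layout is nonce || tag || ciphertext.
function gcmSeal(plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-128-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function gcmOpen(blob) {
  const d = crypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws if altered
}

function flipBit(buf, i) { const out = Buffer.from(buf); out[i] ^= 0x01; return out; }
function xor(a, b) { return Buffer.from(a.map((x, i) => x ^ b[i])); }

// 1. CTR accepts a one-bit change and returns altered plaintext without error.
function ctrTamperResult() {
  const iv = crypto.randomBytes(16);
  return ctr(flipBit(ctr(Buffer.from('total: 100 units'), iv), 7), iv).toString();
}
// 2. Same key and same clock value: the XOR of ciphertexts equals the XOR of plaintexts.
function sameClockLeaksXor() {
  const a = Buffer.from('first document..'), b = Buffer.from('second document.');
  const iv = clockIv(1365898140000); // constructed timestamp
  return xor(ctr(a, iv), ctr(b, iv)).equals(xor(a, b));
}
// 3. GCM rejects the same one-bit change instead of returning altered plaintext.
function gcmRejectsTamper() {
  try { gcmOpen(flipBit(gcmSeal(Buffer.from('total: 100 units')), 30)); return false; }
  catch (e) { return true; }
}
```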