LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

ownCloud moves ahead

ownCloud moves ahead

Posted Jan 5, 2012 14:36 UTC (Thu) by njwhite (subscriber, #51848)
Parent article: ownCloud moves ahead

But, for users that are storing their data on someone else's server (e.g. a friend or service provider), client-side encryption will be needed. That seems like a harder nut to crack because it requires code on each and every client. Without that, though, there can never be any real assurance that the data is not accessible to whoever provides the service—and possibly to attackers that compromise the server.

Couldn't you have some scheme along the lines of using the password from HTTP digest to read an encrypted file on the server? I presume I'm overlooking something, but that seems like it should work, and would only require server-side support.

(Log in to post comments)

ownCloud moves ahead

Posted Jan 5, 2012 16:52 UTC (Thu) by amarjan (guest, #25108) [Link]

Where would the decryption take place (i.e. what do you mean by "read")?

I assume you mean that decryption happens on the server and you provide the server with the password each time you need to access something. In that case the server provider has your data the instant you submit the password to the server. The password will exist at least in server memory, and your unencrypted files will also exist at least in server memory.

The only way to guard against a malicious server (whether intentional or compromised) is to encrypt files on the client and provide only encrypted blobs to the server.

ownCloud moves ahead

Posted Jan 5, 2012 17:06 UTC (Thu) by njwhite (subscriber, #51848) [Link]

> I assume you mean that decryption happens on the server and you provide the server with the password each time you need to access something.

Yes, this is what I meant.

> In that case the server provider has your data the instant you submit the password to the server. The password will exist at least in server memory, and your unencrypted files will also exist at least in server memory.

Yes, that's true. So the unencrypted data only exists in server memory, while you're logged in. Not perfect, for sure, but perhaps good enough. Protects against e.g. server theft. Doesn't protect against hostile server operators at all, of course.

ownCloud moves ahead

Posted Jan 18, 2012 3:17 UTC (Wed) by Duncan (guest, #6647) [Link]

... And in not protecting against server operators (hostile or not), it doesn't protect against government or even foreign government (see US and even foreign corps required to gather SWIFT data by US law enforced on other nations, despite European data directives, etc).

The ONLY way to protect even customer /friendly/ server ops against such government intrusion is if there's simply no way for them to get at the data, period, meaning they must only have access to the encrypted blobs, period, and if they're friendly, they don't even WANT the chance of seeing the unencrypted data, since then they could be ordered to provide it.

Client-side encryption and audited open source code to ensure no backdoors is the only way for a service provider to protect /itself/ against such forced government, even foreign government, cooperation. If all they get is the blob, they can happily turn over the blob, but that and possibly account info is all they have to turn over, which is exactly how a good company will want it!

Duncan

ownCloud moves ahead

Posted Jan 25, 2012 19:47 UTC (Wed) by JanC_ (guest, #34940) [Link]

> Yes, that's true. So the unencrypted data only exists in server memory,
> while you're logged in. Not perfect, for sure, but perhaps good enough.
> Protects against e.g. server theft.

Actually, it does not even protect against server theft in all cases (remember this unencrypted data might get swapped out to disk, and the fact that RAM isn't erased on reboot).

ownCloud moves ahead

Posted Jan 28, 2012 7:25 UTC (Sat) by tanghus (guest, #82609) [Link]

Oh, comon, seriously. Do you expect a system meant for "everyday persons" who may have a hosted web space or use their own PC with ownCloud to have enterprise encryption? Go look at owncloud.com and they will probably give you an estimate on the cost. ownCloud is supposed to be able to run on the minimum requirenment of both hw and sw with the maximum protection.If you want more than that you have to get out the mole skin.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds