ownCloud moves ahead
Posted Jan 5, 2012 14:36 UTC (Thu) by njwhite
Parent article: ownCloud moves ahead
But, for users that are storing their data on someone else's server (e.g. a friend or service provider), client-side encryption will be needed. That seems like a harder nut to crack because it requires code on each and every client. Without that, though, there can never be any real assurance that the data is not accessible to whoever provides the service—and possibly to attackers that compromise the server.
Couldn't you have some scheme along the lines of using the password from HTTP digest to read an encrypted file on the server? I presume I'm overlooking something, but that seems like it should work, and would only require server-side support.
to post comments)