ownCloud 4 released
Posted May 22, 2012 16:26 UTC (Tue) by aggelos
Parent article: ownCloud 4 released
Took a look at the encryption plugin and I gotta wonder what the point is. Encryption has to happen server side, so whoever controls the server trivially has access to all the data when you try to decrypt anything. The key is encrypted with the user's password (the unsalted hash of which is stored in the db, apparently?) and is generated by calling mt_rand(10000,99999) (a PRNG) 4 times in a row and concatenating, so offline attacks should work just fine. Am I misreading the code? What's the usecase here?
to post comments)