[Owncloud] File encryption notes

Marta Rybczynska marta at rybczynska.net
Sun Oct 30 20:20:19 UTC 2011


Hello all,
I've looked into the in-development file encryption mechanism in Owncloud.
I think it can see some improvements.

First, currently it is using ECB encryption mode. ECB is rarely used
because it is not very secure: it always encrypts the same plaintext
block into the same ciphertext. An attacker can try to modify such a file
by introducing a known block, can build dictionaries, etc. Wikipedia
has a nice explanation on the subject:
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

It would be better to use a more secure mode, for example the simple
CTR (counter) mode. Even better would be to also have something that
prevents file modification/corruption, like a hash of the unencrypted file
added to the stored, encrypted file. Then, at decryption, it would be easy
to check if the file is in the right state.

What do you think?

Marta
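
Added example, not part of the original message and not ownCloud code: it shows the ECB repeated-block leak next to CTR with a per-file nonce, plus an integrity check at decryption. Assumptions: a small HMAC-based Feistel cipher stands in for AES so only the Python standard library is needed, the integrity check is a keyed HMAC over nonce and ciphertext rather than a plain hash of the plaintext, and all names, keys and the sample data are constructed.

```python
import hashlib, hmac, os

BLOCK = 16

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel, HMAC-SHA256 rounds).
    Assumption for this example only; a real deployment would use AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad  # PKCS#7 padding
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt nonce||counter into a keystream and XOR it with the data.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = encrypt_block(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return len(blocks) - len(set(blocks))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(8)  # fresh per file; never reused under the same key
    ct = ctr_xor(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored file was modified or corrupted")
    return ctr_xor(enc_key, nonce, ct)

# Constructed sample: four identical plaintext blocks, then a different one.
SAMPLE = b"A" * 64 + b"B" * 16
ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
```

With the sample, ECB output repeats the ciphertext block for every identical plaintext block, while the CTR output has no repeats and any changed byte in the stored blob is rejected by `unseal`.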


