[Owncloud] Encryption
Dirk Kastens
dirk.kastens at uni-osnabrueck.de
Tue May 22 09:33:24 UTC 2012
Hi,
someone recently posted, that OC4 uses the user's password as a key for
file encryption.
I just tested it, and it's true. This means: as soon as someone changes
his password, he cannot access his files anymore!!!!!! This is a real
bad joke, IMO!!!!!
I don't know if this also applies to local users. I logged in with an
ldap account, uploaded a test file, logged out, changed my ldap
password, logged in again - and the file was unreadable!!!! I switched
back to the old password and could read the file again.
This really can't be true. If you are forced to change your password by
some password policy, and you are not allowed to use the old password
again, you will loose all your files.
Dirk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4814 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20120522/25fab67f/attachment.bin>
More information about the Owncloud
mailing list