[Owncloud] Encryption

Andreas Schneider asn at cryptomilk.org
Tue May 22 10:20:23 UTC 2012 

On Tuesday 22 May 2012 12:09:09 Frank Karlitschek wrote:
> On 22.05.2012, at 11:58, Dirk Kastens <dirk.kastens at uni-osnabrueck.de> 
wrote:
> > Hi Frank,
> > 
> >> ownCloud updates the encrypted key, which is used to encrypt the files,
> >> every-time a user or admin changes the password. So password change is
> >> possible. But this only works for local accounts at the moment and
> >> doesn´t work with ldap users because we don´t get notification if a
> >> password is changed remotely. The only solution to solve this is to
> >> store the password locally and compare it with the ldap login password
> >> at the moment the user logs in and update the encrypted key. This would
> >> be a huge security problem obviously.
> >> 
> >> Because of that encryption and ldap are both switched off by default
> >> currently. We don´t recommend that admins turn on both at the same time
> >> because of the reason you just mentioned. I will add a warning to the
> >> code about that.
> >> 
> >> Sorry for the trouble. We try to improve the encryption significantly in
> >> the next version and we hope to find a solution for ldap users.> 
> > OK, but I don't understand, why you use the user's password as the key. In
> > the encryption module of Drupal, for example, you have to enter the
> > encryption key in the admin menu, and it is stored in the database. Other
> > systems are using a hidden file for the key. But the user password is
> > really a bad idea, IMO
> Encryption is useless if you store the data and the key on the same machine.
> A hidden file is not inaccessible for an admin. So this doens´t give
> additional security to the user at all.

If you encrypt and decrypt on the server there is no real security at all. The 
admin/person having full access to the machine will always have a way to get 
the encryption password.

> Having a separate encryption password independently from the login password
> would be possible but then you break WebDAV access and even ldap
> integration is kind of useless if you have to type in a locally stored
> second password to access your files which is not in ldap centrally.
> 
> So having the perfect encryption system is really tricky. There are always
> pros and cons for every crypto solution. In the next release we want to
> provide a more advanced solutions with config options to a user can choose
> which kind of encryption should be used.

It isn't tricky, secure server side encryption is simply not possible!


	-- andreas

-- 
Andreas Schneider                   GPG-ID: F33E3FC6
www.cryptomilk.org                asn at cryptomilk.org

More information about the Owncloud mailing list