[Owncloud] Encryption

[Tom Needham]

On 22 May 2012, at 11:20, Andreas Schneider wrote:
> It isn't tricky, secure server side encryption is simply not possible!

What about the case where you have multiple external storage points mounted into your ownCloud. (It's not possible yet but) files would be encrypted on your ownCloud server, and then stored on the external storage encrypted. This would mean you could extend your owncloud storage using external sources and they don't have access to your files.

i think this is/should be a goal for oc5

Cheers,
Tom

Tom Needham
tom at owncloud.com



On 22 May 2012, at 11:20, Andreas Schneider wrote:

> On Tuesday 22 May 2012 12:09:09 Frank Karlitschek wrote:
>> On 22.05.2012, at 11:58, Dirk Kastens <dirk.kastens at uni-osnabrueck.de> 
> wrote:
>>> Hi Frank,
>>> 
>>>> ownCloud updates the encrypted key, which is used to encrypt the files,
>>>> every-time a user or admin changes the password. So password change is
>>>> possible. But this only works for local accounts at the moment and
>>>> doesn´t work with ldap users because we don´t get notification if a
>>>> password is changed remotely. The only solution to solve this is to
>>>> store the password locally and compare it with the ldap login password
>>>> at the moment the user logs in and update the encrypted key. This would
>>>> be a huge security problem obviously.
>>>> 
>>>> Because of that encryption and ldap are both switched off by default
>>>> currently. We don´t recommend that admins turn on both at the same time
>>>> because of the reason you just mentioned. I will add a warning to the
>>>> code about that.
>>>> 
>>>> Sorry for the trouble. We try to improve the encryption significantly in
>>>> the next version and we hope to find a solution for ldap users.> 
>>> OK, but I don't understand, why you use the user's password as the key. In
>>> the encryption module of Drupal, for example, you have to enter the
>>> encryption key in the admin menu, and it is stored in the database. Other
>>> systems are using a hidden file for the key. But the user password is
>>> really a bad idea, IMO
>> Encryption is useless if you store the data and the key on the same machine.
>> A hidden file is not inaccessible for an admin. So this doens´t give
>> additional security to the user at all.
> 
> If you encrypt and decrypt on the server there is no real security at all. The 
> admin/person having full access to the machine will always have a way to get 
> the encryption password.
> 
>> Having a separate encryption password independently from the login password
>> would be possible but then you break WebDAV access and even ldap
>> integration is kind of useless if you have to type in a locally stored
>> second password to access your files which is not in ldap centrally.
>> 
>> So having the perfect encryption system is really tricky. There are always
>> pros and cons for every crypto solution. In the next release we want to
>> provide a more advanced solutions with config options to a user can choose
>> which kind of encryption should be used.
> 
> It isn't tricky, secure server side encryption is simply not possible!
> 
> 
> 	-- andreas
> 
> -- 
> Andreas Schneider                   GPG-ID: F33E3FC6
> www.cryptomilk.org                asn at cryptomilk.org
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20120522/da38b297/attachment.html>