[Owncloud] Encryption in OC 5

Adrian Sevcenco Adrian.Sevcenco at spacescience.ro
Wed Mar 13 06:27:13 UTC 2013 

On 03/13/2013 12:22 AM, Andrew Warren wrote:
> Adrian Sevcenco wrote:
> 
>> what it is supposed to be encrypted and why? (beside https which
>> is obvious) Because, with the exception of encrypting files on the 
>> client (one by one before getting uploaded), i see no point of 
>> encrypting anything .. so i ask in order to educate myself :)
> 
> Adrian:
> 
> I am an OwnCloud user, not a developer, so these are only my
> thoughts.  I am sure the developers have a more complete answer.
> 
> It seems to me that encrypting files on the client before uploading
> would prevent efficient syncing (and deduplication, if that is
> implemented on the server).
i agree

> Encrypting files on the server is definitely less secure than
> client-side encryption in some scenarios (e.g., malicious system
> administrator -- an issue if OwnCloud is running on a hosted server).
> However, it does provide a defense against data disclosure as a
> result of hardware theft or unsophisticated unauthorized access, and
> it might even be sufficient to meet the privacy requirements of
> certain industries (medical records, financial records, etc.).
well, the encryption key must reside on the server in order to encrypt
something on the server .. so there is no defense against data
disclosure or theft.
At most could be used a scheme complex like :
the key is only on the client and is not recorded anywhere--> the
storage on the server is an encrypted file which is mounted as a
filesystem--> the sync is done like normal sync but at the exit of the
last client (or after a timeout) the file is unmounted. if the secret
key is lost you will just have a very big file in your account.
the little detail would be how can you mount an encrypted file without
storing your key (even temporary) on the disk...

The thing is that i would be interested in encryption but i found no
solution so far .. but maybe more brains can find one :D

Thanks,
Adrian






> 
> -Andrew
> 
> === Andrew Warren  - awarren at synaptics.com === Synaptics, Inc - Santa
> Clara, CA _______________________________________________ Owncloud
> mailing list Owncloud at kde.org 
> https://mail.kde.org/mailman/listinfo/owncloud
> 
> 


-- 
----------------------------------------------
Adrian Sevcenco                              |
Institute of Space Sciences - ISS, Romania   |
adrian.sevcenco at {cern.ch,spacescience.ro} |
----------------------------------------------

More information about the Owncloud mailing list