[Ach] OT: A Question About the Setup of "Cloud" E2E Encr

Daniel Frank ach-cert-at-87234 at danielfrank.net
Mon Jan 26 23:11:15 CET 2015


On Monday, 26 January 2015, 23:03:30, Axel Hübl wrote:
> Wouldn't it be extremely trivial just to generate that information just
> from one "login" that is *not* shared with the provider?
> Example "Dropbox"/Cloud encryption:
> Choose a password, generate a sha512 and sha3 hash from it. [1]
> Set the sha512 as your user password (given to the provider as usual 
> authentication) and use the sha3 as a symmetric key for encryption
> (never shared with the provider).

As far as I understand it, that's exactly how Firefox Sync works now, even 
though the algorithm differs in details.

So yes, it's possible and it's used.

Daniel Frank
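
The derivation discussed in this message, as an added example (not part of the original mail and not Firefox Sync's code): the two-hash split from the quoted text next to a variant that stretches the password with a per-account salt before deriving two labelled values. The account names, label strings and round count are assumptions chosen for illustration.

```python
import hashlib
import hmac


def naive_split(password: str):
    """Scheme from the quoted mail: two different hashes of one password."""
    pw = password.encode("utf-8")
    auth = hashlib.sha512(pw).hexdigest()      # given to the provider as login secret
    key = hashlib.sha3_512(pw).digest()[:32]   # stays on the client, symmetric key
    return auth, key


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def stretched_split(password: str, account: str, rounds: int = 200_000):
    """Variant: stretch once with a per-account salt, then split by label.

    The salt prefix and the two info labels are constructed for this example.
    """
    salt = b"example/stretch:" + account.encode("utf-8")
    prk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    auth = hkdf_expand(prk, b"example/auth").hex()   # given to the provider
    key = hkdf_expand(prk, b"example/enc-key")       # stays on the client
    return auth, key


if __name__ == "__main__":
    # Constructed sample input: two accounts that happen to share a password.
    for account in ("alice@example.org", "bob@example.org"):
        n_auth, _ = naive_split("correct horse")
        s_auth, _ = stretched_split("correct horse", account)
        print(account, "naive:", n_auth[:16], "stretched:", s_auth[:16])
```

In the naive form the login value is identical for every account with the same password and is a single fast hash; in the stretched form it differs per account, and each guess against a stored login value costs the full round count.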
