[Ach] OT: A Question About the Setup of "Cloud" E2E Encr
Daniel Frank
ach-cert-at-87234 at danielfrank.net
Mon Jan 26 23:11:15 CET 2015
Hello,
Am Montag, 26. Januar 2015, 23:03:30 schrieb Axel Hübl:
> Wouldn't it be extremely trivial just to generate that information just
> from one "login" that is *not* shared with the provider?
>
>
> Example "Dropbox"/Cloud encryption:
>
> Choose a password, generate a sha512 and sha3 hash from it. [1]
> Set the sha512 as your user password (given to the provider as usual
for
> authentication) and use the sha3 as a symmetric key for encryption
> (never shared with the provider).
>
https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/
As far as I understand it, that's exactly how Firefox Sync works now, even
though the algorythm differs in details.
So yes, it's possible and it's used.
Regards,
Daniel Frank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20150126/8deb4337/attachment.html>
More information about the Ach
mailing list