[Ach] OT: A Question About the Setup of "Cloud" E2E Encr
Axel Hübl
axel.huebl at web.de
Mon Jan 26 23:28:57 CET 2015
Hi,
On 26.01.2015 23:11, Daniel Frank wrote:
> Hello,
>
>
>
> Am Montag, 26. Januar 2015, 23:03:30 schrieb Axel Hübl:
>
>> Wouldn't it be extremely trivial just to generate that information just
>
>> from one "login" that is *not* shared with the provider?
>
>>
>
>>
>
>> Example "Dropbox"/Cloud encryption:
>
>>
>
>> Choose a password, generate a sha512 and sha3 hash from it. [1]
>
>> Set the sha512 as your user password (given to the provider as usual for
>
>> authentication) and use the sha3 as a symmetric key for encryption
>
>> (never shared with the provider).
>
>>
>
> https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/
thanks, yes it is!
And does anyone know a system for pgp keys as described for the IMAP case?
Are there drawbacks (besides if one is not backup'n the key)?
Axel
>
>
>
> As far as I understand it, that's exactly how Firefox Sync works now,
> even though the algorythm differs in details.
>
>
>
> So yes, it's possible and it's used.
>
>
>
> Regards,
>
> Daniel Frank
>
>
>
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150126/1f6e5769/attachment.sig>
More information about the Ach
mailing list