[Ach] OT: A Question About the Setup of "Cloud" E2E Encr
azet at azet.org
Mon Jan 26 23:46:22 CET 2015
Axel Hübl wrote:
> I guess that idea is a bit off-topic for the list but I was wondering
> about this since some weeks but never took the time to write it down.
> In practice, one main thing that stops using end-to-end crypto in
> mainstream for (cloud) services is the annoying setup on distributed
> devices. One basically changes "one account + password" to "one account
> + password + key/2nd secret".
> Wouldn't it be extremely trivial just to generate that information just
> from one "login" that is *not* shared with the provider?
tarsnap. Tahoe-LaFS et cetera.
> Example "Dropbox"/Cloud encryption:
> Choose a password, generate a sha512 and sha3 hash from it. 
> Set the sha512 as your user password (given to the provider as usual for
> authentication) and use the sha3 as a symmetric key for encryption
> (never shared with the provider).
something like a KDF? :)
> Example PGP Keys:
> Same idea. Upload the symmetrically encrypted private key (huh!) to your
> provider (e.g. in a specified IMAP folder or attribute). If your
> provider returns a tampered encrypted key to you (that you decrypt only
> locally with your 2nd password) the result should return crap - should
> be easy to detect.  The setup of a new device is as easy as setting
> up a device before but one can immediately import they keys.
> Am I missing something or did someone already implement that?  If we
> assume that the two "derived passwords" (one for the provider and one
> for the symmetric de/encryption) do not allow deduction to each other
> that should work pretty simple. 
> That workflow does not solve any problems with authentication to "other
> users" (web of trust, CA system, ...) nor does it influence the created
> meta-data. But it lowers the burden of setting up multiple devices *of
> the same user* that are nevertheless the starting point. And of course
> it makes the egoistic self-sharing of calendars/mails/files easier.
> Probably it's just extremely random, so I am already sorry for the noise
> in your inbox.
> No references, just random notes (buhh!):
>  Alternatively: hash the password, use/hash each half of the initial
> has again to create two passwords.
>  Next option: your provider hates you and removes your encrypted
> private key: change the provider and use your local usb-backup of your
> private key.
>  There should be at least some drop-box encryption tools that do it
> like that, aren’t they? Anyway, someone heard something about that for
>  If your provider limits the password lengths: just crop the
> "password-hash" to e.g. 20 chars. That is still hard enough to
> brute-force it, assuming your input password was not trivial (else an
> attacker just tries hashes of that as usual).
> Ach mailing list
> Ach at lists.cert.at
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Ach