Online Storage, do you trust?

rafoxrafox
in Feedback
Hello guys,

Hi, I’m working on a research project to ensure privacy and security data storage using public cloud providers.

If you work with sensitive data that you want to privacyprotect, can you give me some advice over a 20min Skype call?

Thanks in advance!

Skype: rafmira2006

Comments

  • OmniNegroOmniNegro
    edited December 2014
    No. But I will link you to a few easy direct encryption choices that will let you store your files on any cloud without them ever being able to see the content in any way.

    The first and easiest is 7zip. It is an archiver, but you can use the "store" option for better speed with media that is not going to compress due to it already being compressed like most videos. The AES encryption it features is easy and checking the little box makes it encrypt even the names of the files until the password is put in.

    And it like all these options if freeware.

    Next is making a container file for your files. This an and often does lead to wasted space, so do not make it too large for your needs.

    You can use Truecrypt 7.1a or the newer and debatably better Veracrypt.

    http://www.7-zip.org/
    https://www.grc.com/misc/truecrypt/truecrypt.htm
    https://veracrypt.codeplex.com/
  • rafoxrafox
    Wow, thank you very much for all these resources! And the ultra quick response!

    Actually, I have developed a software that encrypt your file, split it into several parts (RAID on Clouds style) and store each part into a cloud provider or private server (FTP, NFS, etc). So you can have confidentiality, redundancy and privacy very easily and straightforward (even for regular non-tech users).

    I basically just want to see if others also have such problem with online storage or if it was just me and maybe even find some beta testers.

    So, if you got interested, please contact me and we can have an informal talk.

    Thanks again.


  • Osborne_CoxOsborne_Cox
    I started using Mega lately which has encryption built in:
    https://mega.co.nz/#help/security
  • OmniNegroOmniNegro
    7Zip can also be split to whatever sized parts work best for you. And if you think some parts may go missing later, you can use a tool like Multipar to make a parity set of any size you want that will rebuild any missing files so long as you have enough blocks. (Blocks being the size of the parity pieces, while each file can have any size, the blocks it is split into can be any size as well, so if you have even a partial file, it will count for something so long as the intact part is large enough to be one or more blocks.)

    Here is another link if you are interested. Do note that Multipar is not in any way an encryption method, but it complements split files very well since you can build as many of them as you like.
    http://multipar.eu/
  • noblebeastnoblebeast
    Any file on any "Cloud storage" provider/service can be accessed by who ever it is that runs the "cloud storage".
    That's not true. SpiderOak, for instance, uses client-side encryption, which means they cannot access the data even if they wanted to. You could use an encrypted file container (e.g., Veracrypt) in conjunction with cloud storage to achieve the same outcome.
  • HurikaHurika
    http://mozy.co.uk/product/solutions also uses also client-side encryption, which means they cannot access the data should they want that at all. 
  • OmniNegroOmniNegro
    http://mozy.co.uk/product/solutions also uses also client-side encryption, which means they cannot access the data should they want that at all. 
    I would really doubt that. They do not even claim not to have access to the unencrypted files. They make no mention of not having their own copy of the keys.
  • catcher749catcher749
    http://mozy.co.uk/product/solutions also uses also client-side encryption, which means they cannot access the data should they want that at all. 
    I would really doubt that. They do not even claim not to have access to the unencrypted files. They make no mention of not having their own copy of the keys.
    http://mozy.co.uk/product/features/military-grade-security

    Mozy encrypts each file before it’s sent over the wire, during transit,
    and at rest in our state-of-the-art data centres. And, if that doesn’t
    make you feel secure, how about this? You can choose your own personal
    encryption key or corporate key (c-key), which is known only to you and
    uses 256-bit AES encryption—the same encryption standard used by the
    military.
  • OmniNegroOmniNegro
    edited December 2014
    http://mozy.co.uk/product/solutions also uses also client-side encryption, which means they cannot access the data should they want that at all. 
    I would really doubt that. They do not even claim not to have access to the unencrypted files. They make no mention of not having their own copy of the keys.
    http://mozy.co.uk/product/features/military-grade-security

    Mozy encrypts each file before it’s sent over the wire, during transit,
    and at rest in our state-of-the-art data centres. And, if that doesn’t
    make you feel secure, how about this? You can choose your own personal
    encryption key or corporate key (c-key), which is known only to you and
    uses 256-bit AES encryption—the same encryption standard used by the
    military.
    Here. I found a page that has better information on this subject.
    http://support.mozy.co.uk/articles/en_GB/Documentation/understanding-encryption

    If you use the "Default Encryption Key", they absolutely have the key. Here it is in their own words.

    "The Mozy default encryption keys are 448-bit keys created using the Blowfish algorithm.

    Mozy
    stores the key separately. This lets us automatically decrypt your
    files when you download or restore them. This is the least complicated,
    most seamless experience for users, imposing no restrictions on any Mozy
    features."

    So according to them, the only way you are free from some entity pressuring them for the keys is to use their more expensive services with your own key. But if you were going to do that, you may as well just make a Truecrypt volume and be done with it.

    Edit* I struckthrough the words "more expensive" since I see no actual proof of this.
  • catcher749catcher749
    Where does it say it's more expensive?
  • OmniNegroOmniNegro
    Where does it say it's more expensive?
    You are right. I edited it to remove those words. I honestly have no idea how it works.

    If anyone is going to use the service, make sure you use your own AES-256 key. If you leave the encryption to them, they do have the key. And that means they could be compelled by a court to hand it over to just about anyone for some reason.
  • OmniNegroOmniNegro
    edited January 2015
    Since it is on topic here, VeraCrypt just released a new version that fixes the bootloader and allows it to support TrueCrypt 6.0 volumes. I have no idea if that means volumes made in 7.1a will work or not. Still, it is a big step towards that goal. They once said they would not support existing TC volumes, but I guess user demand is too high.
    https://veracrypt.codeplex.com/

    *Edit* Drat. Now I feel the fool here. I reread the documentation and it seems I somehow missed one line from the last release. This new release only adds the support of the "Old" TC 6.0 to the existing support of all modern TC volumes. So I am editing the posts here and the other thread where I mentioned this to include this detail.
Sign In or Register to comment.